| Subtotal | $0.00 |
USD
U.S. DollarEuroBritish PoundCanadian DollarsAustralian DollarsIndian RupeesChina Yuan RMBMore Info →
| Subtotal | $0.00 |
Once an SSL certificate is installed and the site can be reached via https:// appropriately, you might want to make it accessible via https:// by default. In other words, by typing domain.com in a web-browser, a user should be redirected to https://domain.com to access the site securely.
In this article, we’ll go through some of the basic types of HTTPS-redirection and show how to use .htaccess to Force HTTPS in Cpanel.
The file itself can be found if you go to cPanel >> File Manager. There, find the document root of your website. For primary cPanel domains, the folder is usually 'public_html'.
If the website is an add-on, you can look up its document root in the Domains menu:
When you find the folder, the .htaccess file may already be there. To double-check it, click Settings in the top-right corner and tick Show hidden files (dotfiles).
If the file did not appear, feel free to create it by clicking +File. Make sure to name the file .htaccess, starting with the dot.
To open the file, right-click it, then click Edit. In the next pop-up window, click Edit as well.
When it comes to setting up a rewrite rule, it is useful to know that there is a permanent redirection type and a temporary one. Each type is processed by search engines and web-browsers differently, and has its own status code, which can be specified in a rewrite rule explicitly:
NOTE: Enabling a 302 redirect for a long period of time can significantly decrease a website’s ranking in search results. In terms of HTTP-HTTPS redirect, all site requests are split between http://domain.com and https://domain.com, since both are indexed by search engines separately. Therefore, in most cases a 301 status code is preferable for HTTP-HTTPS redirects.
We will describe exactly where a status code needs to be specified in the next section.
NOTE: The directives specified below work under their own syntax. Changing any symbol or character can lead to improper functioning or failure of the rewrite rule. To keep things clear, we have highlighted the parts that can be modified with red color (mostly where a certain domain name should be placed).
Let’s take an overview of the most common ways in which a redirection from HTTP to HTTPS can be configured.
NOTE: If you already have some code in your .htaccess, add this one above the rules with a similar starting prefix.
To redirect all sites within a cPanel account, one of the following blocks should be added to the .htaccess file in the home directory of your cPanel (‘/home/cpanelusername/’):
a)
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
This block enables rewriting capabilities, verifies that the initial request does not already have https://, and rewrites the entire requested URL, replacing http:// with https:// (e.g., http://domain.com/subfolder/index.php will be replaced with https://domain.com/subfolder/index.php).
b)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
This block works the same way as the previous one, just with the help of a different syntax. It is possible to use either of the above mentioned rewrite rules in order to redirect all sites within a cPanel account.
If you need to setup a redirect for all sites within cPanel account except of example.com, the block of code specified below can be added to .htaccess in the home directory:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com|^(www\.)?example2\.com
RewriteRule .* - [L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
The first condition in the block matches the requested URL against the domain name, included to conditional value (the one that should NOT be redirected), and stops rewriting if they match. It is possible to add domain names to the conditional directive, separating them with the '|' symbol, or to specify several conditional directives, (see examples below).
a) Separating domains with '|'
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com|^(www\.)?example2\.com
RewriteRule .* - [L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
b) Specifying several conditions
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^(www\.)?example2\.com$
RewriteRule .* - [L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
a) Redirects all http:// requests to the same page, but with https://
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* https://example.com%{REQUEST_URI} [R=301,L]
b) Redirects all http:// requests to the same page, but with https://www.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* https://www.example.com%{REQUEST_URI} [R=301,L]
a) Redirects all http:// and https:// requests to the same page, but with https://example.com (also redirects from https://www.example.com to https://example.com)
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* https://example.com%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* https://example.com%{REQUEST_URI} [R=301,L]
b) Redirects all http:// and https:// requests to the same page, but with https://www (also redirects https://example.com to https://www.example.com)
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* https://www.example.com%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule .* https://www.example.com%{REQUEST_URI} [R=301,L]
a) Redirects all site visitors to the same page, but with forced http:// + redirects http://www.example.com to http://example.com
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* http://example.com%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* http://example.com%{REQUEST_URI} [R=301,L]
b) Redirects all site visitors to the same page, but with forced http://www + redirects from http://example.com to http://www.example.com
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* http://example.com%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule .* http://www.example.com%{REQUEST_URI} [R=301,L]
a) Redirects from example.com or www.example.com (both http:// and https://) to a specific subdomain
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* https://subdomain.example.com%{REQUEST_URI} [R=301,L]
b) Redirects from a subdomain (both http:// and https://) to https://www.example.com
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^subdomain\.example\.com$
RewriteRule .* https://www.example.com%{REQUEST_URI} [R=301,L]
a) Basic http:// to https:// redirection, but this block should be used along with CloudFlare Flexible SSL Mode
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* https://example.com%{REQUEST_URI} [R=301,L]
b) The same rule, but redirects to https://www
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule .* https://www.example.com%{REQUEST_URI} [R=301,L]
Sometimes you may need to redirect a certain part of a website located in a specific subfolder, while leaving the rest of the site as-is. To do this, insert the following block to .htaccess:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?subfolder/(.*) https://%www.example.com/subfolder/$1 [R,L]
This rule is applied if only the specified subfolder is mentioned in the initial request.
The rewrite rule for redirecting a specific page is similar to the previous one:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^example\.html$ https://www.example.com/example.html [R,L]
Only the requested page will be redirected; other site content will remain unaffected.
If the page that needs to be redirected is located in a specific subfolder, the RewriteRule line should be modified as follows:
RewriteRule ^test/example\.html$ https://www.example.com/test/example.html [R,L]
(in the above example, 'test' is the subfolder in question)
If you have a number of pages with the same name, located in different subfolders (the example 'index.html' is used below), you may enable HTTPS redirect for all of them at once. Do this by applying the ruleset as shown below:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_FILENAME} index.html
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Only the pages with the file names that match the {REQUEST_FILENAME} parameter value will be redirected to HTTPS.
a) Redirects all site to https:// except for one page (example.com/some_http_page.html)
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteCond %{REQUEST_URI} !^/some_http_page\.html$
RewriteRule .* https://example.com%{REQUEST_URI} [R=301,L]
b) Redirects only one page example.com/some_https_page.html to https://
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteCond %{REQUEST_URI} ^/some_https_page\.html$
RewriteRule .* https://example.com%{REQUEST_URI} [R=301,L]
Each rewrite rule ends with so-called 'rewrite flags' (specified in square brackets, e.g. [R,L]). These flags help to control the rewriting process to be performed correctly. To set a redirect with a 301 status code (permanent), you will need to assign this code to the R-flag in brackets by adding '=301'.
NOTE: If there is no value specified for the R-flag, a redirection will be executed with a 302 status code by default.
Once complete, a redirect functioning and its status code can be checked with the help of this tool.
Need help? We're always here for you.