Apache: Redirect http to https Apache secure connection – force HTTPS Connections

Let us say you have webmail sub-domain called http://mail.nixcraft.com and you would like to redirect it to https secure connection i.e. https://mail.nixcraft.com.

This will help you protect user privacy and sensitive information such as username and password remotely.

So how do you configure your Apache web server so that you prevent your web sites from being accessed without encryption?

Redirect http to https Apache Configuration

First make sure Apache is configured for HTTPS connection and necessary SSL certificates are installed.

No non-ssl access i.e. only accept https connections

Now open httpd.conf or .htaccess file (mod_rewrite not required):
# vi httpd.conf
Append following line :
Redirect permanent / https://mail.nixcraft.com/
Any request made to http://mail.nixcraft.com will goto https://mail.nixcraft.com/

Save and close the file. Restart the Apache:
# /etc/init.d/httpd restart

This is easiest way to ensure that your normal user never use plain text HTTP protocol to send data. Now this makes it much harder to sniff sensitive data.

Force webmail login over SSL https session

So if you want force users to access their webmail through https, add following configuration to .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Make sure you have something as follows in httpd.conf (mod_rewrite support):
LoadModule rewrite_module modules/mod_rewrite.so

thueserve 728x90 Apache: Redirect http to https Apache secure connection – force HTTPS Connections
digg delicious stumbleupon technorati Google live facebook Sphinn Mixx newsvine reddit yahoomyweb