Redirect http to https (SSL for entire website)

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. You may know it from website url’s like: “”

Difference between http and https

First of all http stands for “Hyper Text Transfer Protocol” and The “S” in https stands for “Secure Socket Layer” (SSL). Http is the protocol that currently is being used by almost all websites worldwide. The https is another protocol primarily developed with secure, safe Internet transactions in mind. The https makes sure your information is send in a secure way to and from the server.

Redirection option 1: .htaccess

You can use the https protocol if you have a SSL certificate and have installed it correctly. Most websites use the http protocol as a default protocol to handle all the information. You can force your website to use the https protocol by creating or modifying an “.htaccess” file in the folder (e.g. root) where you want the redirect to happen.Please add this to the .htaccess file

RewriteEngine OnRewriteCond %{HTTPS} offRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

ExplanationWe are using three command in the code above: RewriteEngine, RewriteCond and RewriteRule.The “RewriteEngine On” tells Apache we are going to use mod_rewrite. The “RewriteCond %{HTTPS}” off, check if the the https protocol already in use. If the https protocol is use then the last line (RewriteRule) wont apply. The last line “RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}” tell the server to only rewrite the first part (http://) to (https://).

Redirection option 2: Using php

You can use the following code (function) to redirect your website using php. you can call the function in the page where you need the redirect from http to https.

< ?php function redirectTohttps() { if($_SERVER['HTTPS']!=”on”) { $redirect= “https://”.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];header(“Location:$redirect”); } } ?>

First of all, you should know that SSL must be installed in the server. To redirect the browser to “https” , we must know that the site is using SSL or not at the moment. And for this, there is a server variable in PHP called “HTTPS”. $_SERVER[‘HTTPS’] returns “on” values when the site is using SSL connection.Source:

Redirection option 3: HTML meta tag

This method is not the most perfect one but you can use it if you are not able to use the “mod rewrite”.Please add the following code to your header

< meta http-equiv="Refresh" content="0;URL=" />

Make sure the original site (the one with SSL encryption) is listening only on port 443 for the IP address you’ve assigned to it. Now create a separate site using that same IP address, and make sure it only listens on port 80. Create a single file at the root level and call it default.htm or default.asp. If you want to use HTML, then use a meta refresh tag.

32 comments on “Redirect http to https (SSL for entire website)

  1. I have a my site have given redirection code but when i am typing manually then it has not been going to be redirected properly. So, friends kindly help me for this other code

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  2. Simply want to say your article is as astonishing.
    The clarity to your post is just nice and that i can think you’re an expert on this subject.
    Fine together with your permission let me to clutch your
    feed to stay up to date with drawing close post. Thank you 1,
    000,000 and please continue the gratifying work.

  3. A better approach for php:
    and $_SERVER[‘HTTPS’]!=”on”
    or $_SERVER[‘SERVER_PORT’]==80
    $redirect= “https://”.$_SERVER[‘HTTP_HOST’].$_SERVER[‘REQUEST_URI’];

    This approach won’t result in error logs growing drastically with entries like:
    PHP Notice: Undefined index: HTTPS in /home/auser/public_html/index.php …

  4. I have recently started a blog, tthe info you provide on tuis website has helped me tremendously.
    Thank you for all oof your time & work.

  5. There is also JS nnif (window.location.protocol != “https:”) {n window.location.href = “https:” + window.location.href.substring(window.location.protocol.length);n}nnOther server vendor code; Cloudflare redirects (I think only available on Pro)nnServer-based HTTP headersnnnThe point is that these methods were all around > 5 years ago, there are other options

  6. I am trying to redirect a http to a https— earlier I found the code that you have listed here in your blog. My problem: I am a somewhat a novice, but I do pretty good at figuring out things that I need to know. My question to you is there an exact location where the HTML meta tag should be placed in the header. (i.e. should it go directly behind the title tag? On the line below the title? Also other important facts: I used Adobe Muse, then upload it with Dreamweaver. So I can look at the code and know just enough to follow exact directions on how to place a line of code. Thanks for what you’ve already shared and thanks in advance for any other advice (or directions) you can offer.

  7. In case you have your server behind a https to http proxy (i.e. openshift php cartridge), here is the correct .htaccessnnRewriteEngine on n nRewriteCond %{HTTP:X-Forwarded-Proto} !https nRewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

  8. I’ve a bit different problem, actually i hosted my website in a multi domain hosting account. so if i alter .htaccess file then obviously all the sites hosted in my hosting is redirected from http to https — which i don’t want to happen. coz., i’ve ssl for only one domain. can you help me with this issue. thanks in advance

    1. It depends on how the hosting is setup. If your have different folders for every domain on one hosting account you can just edit the .htaccess in the particular folder for a specific domain. Just send me an e-mail ( and i’ll try to fix it for your for a small fee. nn~ Luc de Jager

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.