Forcing SSL (https) on your website

Ensuring your website is secure with our SSL certificate is only the first step. If you are hosting on a managed service, your site will already have an SSL certificate allocated for it. In order to ensure your users are always on the secure site however, can be a little more tricky.

If customers do not use the https:// prefix for the website, most modern browsers will default to SSL, secured communications with the website, however, not all do. We can work around this by adding or modifying the .htaccess file located within your public_html folder. 

A general entry might look like this:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This tells the server, that if a connection is attempted without using SSL/https that it should tell the browser to try again, but this time use the https:// prefix for the request. This ensures that no matter which page that they attempt to access insecurely, that it will redirect them to the secure version of it.

Note: Please be aware that if you put this entry at the end of the .htaccess file it may not take effect (cPanel created redirects are always at the end of the file). Frameworks like WordPress, Bolt, CraftCMS, and others have 'catchall' redirects which will stop this entry from working. You will need to edit the file directly and place your redirect at the top of the file.

 

Known issues:

There is a known issue forcing SSL on a client connection when using DigiTimber services when using the check condition for port 80:

RewriteEngine on
RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

While this entry might look almost the same, it very much is not. Because our internal server does not run on port 80 (the default insecure port) this is not a valid check to see if the client is using SSL or not with our system. Adding this entry to your .htaccess file will not have the desired results and will not enable SSL on your website.

 

 

 

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Updating Security on Services - TLS 1.2 and TLS 1.3

As of January 2020, our servers will only support SSL/TLS connections using TLS 1.2 for services...