Force HTTPS with Apache .htaccess

View all our .htaccess Cheatsheet snippets here

Use this to redirect non HTTPS requests to a HTTPS request. I.e. if you go to it will redirect to

RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

It is recommended to use HSTS (read about it on Wikipedia) though.

"HTTP Strict Transport Security (HSTS) is a web security policy mechanism which is necessary to protect secure HTTPS websites against downgrade attacks, and which greatly simplifies protection against cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797."

(Note: It is assumed that you have `mod_rewrite` installed and enabled. The first line should be 'RewriteEngine on' to enable this)

Remember that for most rules you must have the RewriteEngine on rule in your .htaccess file!!!

Please remember to double check and verify any rules that you use. If you do not understand a rule please consult someone who does. We accept no responsibility for your use of these rules - use them at your own risk. Please get in touch if you want us to add a rule!

This website is 100% free and one of the fastest loading .htaccess cheatsheet webpages on the web. It is all on one page, and optimised to help it quickly load and for you to easily find the .htaccess rules you need. Please get in touch if you have any questions. We will soon offer this page as a pdf download.

If you use this please consider linking back to

Based heavily (on its first version) from phanan/htaccess.

Snippets with specified source belong to their respective owners and have their own license(s), whenever appropriate.

Other content belongs to the public domain. Refer to Unlicense for more information.
HomeContact/About usPHP's DomDocument CheatsheetTerms and Conditions • We do not set any cookies on our website. Please refer to our privacy policy for more details about our cookies.