• Blog
  • Papers
  • Datasets
  • Redirecting to HTTPS

    06 December, 2018 | General Hackery

    Something I've been doing a lot recently, so I thought I'd put it here for easy reference. If I've written the website myself it's nearly always in PHP, and the redirect can be done in one line (split into many lines below for readibility), to be placed at the top of index.php...

    if(!(isset($_SERVER['HTTPS'])))
    {
    $url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    header("Location: " . $url);
    exit();
    }

    If I've not written the website myself, and simply installed someone else's code and don't want to go messing with it, the easiest way, if you don't have root access to the server, is to put an .htaccess file in the web root that contains this...

    RewriteEngine On

    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    And if you're not using HTTPS yet, may I suggest Let's Encrypt! It's free.