How to redirect HTTP to HTTPS Using .htaccess?

IT February 20th 2025

When you add SSL to your website, your web server will continue to serve your webpages’ HTTP version. So, you need to redirect HTTP to HTTPs and force SSL on your website. In this article, we will explore steps on how you can redirect HTTP to HTTPS utilizing .htaccess file in apache web server.

What is HTTP to HTTPS using redirect?

In recent days, the most common redirect concern was to properly redirect the www version of the website to the non-www site or vice versa. Moreover, with the introduction of SSL certificates, HTTP to HTTPs redirect has taken over.

What is . Htaccess?

Htaccess is short for Hypertext Access. It is a configuration file utilized by Apache-based web servers. Configuration files configure the initial setting of a server or the program. This means that the .htaccess file can be easily utilized to make the server behave in a certain way.

Also, each and every function is a form of code or text, which informs the server what one can perform. You can change or add functionality by changing or adding the code in the .htaccess file.

Each function is basically just a line of text, or code, which tells the server what to do. You can add or change functionality by adding or changing the code in the .htaccess file.

Why should you use HTTPS on my website?

When you see a padlock icon followed by HTTP in the address bar of a web browser, it means that an SSL certificate has been installed on the website you are accessing. It also means that the SSL protocol will be utilized during data exchange between the website (Server) and the web browser (Client) accessing that website.  Let’s check out the step by step guide to redirect HTTP to HTTPS.

Step-by-step guide to redirect HTTP to HTTPS using .htaccess.

Redirecting HTTP to HTTPS using .htaccess is a common practice to ensure secure connections to your website. Below is a step-by-step guide to achieve this:

Step 1: Access Your .htaccess File

1. Connect to your website’s server using an FTP client (e.g., FileZilla) or a file manager in your hosting control panel (e.g., cPanel).
2. Navigate to the root directory of your website (usually public_html, htdocs, or the folder where your website files are stored).
3. Locate the .htaccess file. If it doesn’t exist, create a new file and name it .htaccess.

Step 2: Edit the .htaccess File

1. Open the .htaccess file in a text editor (e.g., Notepad++, Sublime Text, or the built-in editor in your hosting control panel).
2. Add the following code to enforce HTTPS redirection:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Explanation:

RewriteEngine On: Enables the rewrite engine.

RewriteCond %{HTTPS} off: Checks if HTTPS is off (i.e., the request is HTTP).

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L, R=301]: Redirects all HTTP requests to HTTPS with a 301 (permanent) redirect.

Step 3: Save and upload the .htaccess File

1. Save the changes to the .htaccess file.
2. If you edited the file locally, upload it back to the server, replacing the existing .htaccess file. Ensure the file permissions are set to 644 (readable by everyone, writable by the owner).

Step 4: Test the Redirection

1. Open a web browser and visit your website using http:// (e.g., http://example.com).
2. The browser should automatically redirect to https:// (e.g., https://example.com).
3. Verify that the padlock icon appears in the browser’s address bar, indicating a secure connection.

Optional: Force HTTPS for Specific Pages

If you only want to redirect specific pages to HTTPS, modify the .htaccess rules. For example:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(login|checkout|admin)/? https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This will only redirect URLs containing login, checkout, or admin to HTTPS.

Troubleshooting

If the redirection doesn’t work:

-Ensure the .htaccess file is in the correct directory.

-Verify that the mod_rewrite module is enabled on your Apache server.

-Check for conflicting rules in the .htaccess file.

By following these steps, your website will securely redirect all HTTP traffic to HTTPS.

In case If you want to stop an automatic redirect from http:// to https:// you can follow the below steps:

Step 1: Access Your .htaccess File

1. Connect to your website’s server using an FTP client (e.g., FileZilla) or a file manager in your hosting control panel (e.g., cPanel).
2. Navigate to the root directory of your website (usually public_html, htdocs, or the folder where your website files are stored).
3. Locate the .htaccess file.

Step 2: Remove or Modify the HTTPS Redirection Rules

1. Open the .htaccess file in a text editor (e.g., Notepad++, Sublime Text, or the built-in editor in your hosting control panel).

2. Look for the following lines (or similar) that enforce the HTTP to HTTPS redirection:

apache

Copy

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

3. To stop the redirection:

4. Option 1: Comment out the rules (add # at the beginning of each line to disable them):

apache

Copy

#RewriteEngine On
#RewriteCond %{HTTPS} off
#RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

5. Option 2: Delete the rules entirely if you no longer need them.

Step 3: Save and Upload the .htaccess File

1. Save the changes to the .htaccess file.
2. If you edited the file locally, upload it back to the server, replacing the existing .htaccess file.
3. Ensure the file permissions are set to 644 (readable by everyone, writable by the owner).

Step 4: Clear Browser Cache

1. Clear your browser cache or test in an incognito/private window to ensure the changes take effect.
2. Visit your website using http:// (e.g., http://example.com) to confirm that it no longer redirects to https://.

Step 5: Check Server Configuration (if needed)

If the redirection persists after modifying the .htaccess file, the HTTPS redirection might be enforced at the server level (e.g., in Apache’s configuration files or via your hosting provider’s settings). In this case:

1. Contact your hosting provider to check if they enforce HTTPS redirection.
2. If you have access to the server configuration files (e.g., httpd.conf or SSL.conf), look for Redirect or RewriteRule directives and remove or comment them out.

Summing UP

Redirecting HTTP to HTTPS using the .htaccess file is a simple yet effective way to ensure website security, improve SEO rankings, and build user trust. By implementing the correct redirect rules, you can automatically enforce secure connections, preventing insecure access. Always test your redirects to avoid misconfigurations that could impact website performance. With HTTPS enforced, your website will provide a safer browsing experience while maintaining compliance with modern web security standards.

Frequently Asked Questions (FAQ)

Q 1. Should I redirect all HTTP to HTTPS?

Ans. Yes, you should redirect all HTTP traffic to HTTPS to ensure a secure connection, protect user data, and improve SEO rankings.

Q 2. How do I change HTTP to HTTPS automatically?

Ans. You can use a server-side redirect (301 redirect) in your web server configuration (e.g., .htaccess for Apache, Nginx configuration, or a redirect rule in Cloudflare). Additionally, you need an SSL certificate installed.

Q 3. Is it good to redirect HTTP to HTTPS?

Ans. Yes, it is highly recommended. HTTPS provides security, builds trust with users, and improves search engine rankings.

Q 4. Why use HTTPS instead of HTTP?

Ans. HTTPS encrypts data, prevents eavesdropping, ensures data integrity, and protects against man-in-the-middle attacks.

Q 5. Which is best, www or HTTPS?

Ans. These serve different purposes. HTTPS refers to a secure protocol, while “www” is a subdomain. The best practice is to use HTTPS with or without “www” depending on your preference.

Q 6. Why is using HTTP bad?

Ans. HTTP is insecure because data is transmitted in plain text, making it vulnerable to interception, hacking, and manipulation.

Q 7. Why use HTTPS instead of HTTP?

Ans. HTTPS ensures secure data transfer, improves SEO rankings, builds user trust, and complies with security standards.