How to redirect HTTP to HTTPS
How to redirect HTTP to HTTPS - Photo by Yeshi Kangrang on Unsplash

Redirect HTTP to HTTPS in 2 Easy htaccess Rules

This article gives you an in-depth understanding of how to redirect HTTP to HTTPS? – along with a line by line explanation of each and every rule of .htaccess file.

Typically to force HTTPS on your HTTP website, the only code you need to stick into your .htaccess file is

Answer to how to redirect HTTP to HTTPS

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The above code can be used in a .htaccess file of any website irrespective of what web tech is used to build the website whether the site is built-in 

but will work only if your server is run by apache since those are apache directives.

What are directives?
set of rules to manage server access by different clients

But if you really need to know what exactly the above .htaccess rule means and does, you can read further. I will assure you it won’t waste your time, instead, you will get to know something new.

[self-praising alert START]

But if you already know this then still I would request you to read further so that after reading the full article only then you will be able to appreciate me for writing such a beautiful article.

[self-praising alert END]

So, practically, the actual block which will go into your .htaccess file which will help you force HTTPS for your website is

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Let’s Learn line by line how redirect HTTP to HTTPS rules work

1. <IfModule mod_rewrite.c>

Apache Module mod_rewrite

Short Description – Provides a rule-based rewriting engine to rewrite requested URLs on the fly.

mod_rewrite provides a flexible and powerful way to manipulate URLs using an unlimited number of rules. Each rule can have an unlimited number of attached rule conditions, to allow you to rewrite URL based on server variables, environment variables, HTTP headers, or time stamps.

Rule ExplainedStart of mod_rewrite module block, check if the ‘mod_rewrite’ module is enabled and if enabled only then everything inside the <IfModule mod_rewrite.c> and </IfModule> tags will execute.

2. RewriteEngine On

RewriteEngine Directive

Short Description – Enables or disables runtime rewriting engine ( mod_rewrite )

Basically, when RewriteEngine directive is set to On only then module mod_rewrite will be able to modify or manipulate URLs otherwise not. All the subsequent RewriteRules will work only if the RewriteEngine directive is On.

Rule ExplainedRewriteEngine On enables mod_rewrite

3. RewriteCond %{HTTPS} off

RewriteCond Directive

Short Description – Defines a condition under which rewriting will take place

Rule ExplainedHere, we are checking if the URL does not contain https, only then execute the next line of the rewrite rule.

4. RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]


Short Description – Defines rules for the rewriting engine
Syntax – RewriteRule Pattern Substitution [flags]

Any of the below rules can be used

  • RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  • RewriteRule ^(.)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  • RewriteRule (.) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Rule ExplainedBasically, it says whatever request comes on the server replace or convert it to the mentioned substitution which is HTTPS protocol. If the requested URL is then this rule will replace or convert this URL to In the above URL
REQUEST_URI – what-is-htaccess-file

Regex quick reference

^Start of line
(…)Capture everything enclosed
.Any single character
a*Zero or more of a (which means in our case “Zero or more of Any single character”)
$End of line

Flag R – The [R] flag causes an HTTP redirect to be issued to the browser.

Flag R Explained in the Rule – It says any request which comes on the server, redirect it to a URL with https protocol keeping the whole URL as it is and mark the redirect (i.e. R=301) with valid status code, in this case, 301 is used which means this and all future requests should be directed to the given URI.

Flag L – The [L] flag causes mod_rewrite to stop processing the ruleset. In most contexts, this means that if the rule matches, no further rules will be processed. This corresponds to the last command in Perl, or the break command in C. Use this flag to indicate that the current rule should be applied immediately without considering further rules.

Flag L Explained in the Rule – It says that the current rule should be applied immediately without considering further rules.

5. </IfModule>

End of mod_rewrite module block

Hope this article “Redirect HTTP to HTTPS in 2 Easy htaccess Rules” helped you in some way, Please let me know your comments about this article and share your bit of knowledge too so that our readers can get more accurate and to the point information about the topic.

Another Important read from Rohutech:

About the author

Rohan Kamble

A Web Developer by profession, who loves the web to the core with over 9 Years of Experience working on a wide range of domains like websites on e-commerce, Travel, Alumni, matrimonial, company's professional sites, Finance, company internal communications and many more. Also WordPress Plugins & Chrome extensions.

View all posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.