All Collections
X-Cart Software Installation & Security
X-Cart Store Security
HTTP to HTTPS Redirect Configuration
HTTP to HTTPS Redirect Configuration

Learn how to configure the HTTP to HTTPS redirect for Apache and Windows servers.

Olga Tereshina avatar
Written by Olga Tereshina
Updated over a week ago

If you have a secure certificate (SSL) on your website, you can automatically redirect visitors to your website's secured (HTTPS) version to make sure their information is protected.

How you redirect traffic depends on the hosting you have.

Linux Hosting with Apache

To configure redirect on Apache server, you should have a .htaccess file in your website root catalog and have to append some rules to this file. Here are some variants of the rules-based on different use cases:

Redirect All HTTP Pages to HTTPS Ones

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L]

If that doesn’t help and the redirect loop occurs, try this one:

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteCond %{HTTP:X-Forwarded-Proto} !https 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Also, there is the third variant, recommended by Apache documentation. It is more appropriate if you have access to the main server configuration file. You should add the code to the virtual host config and not to the .htaccess file:

<VirtualHost *:80> 
    ServerName www.example.com 
    Redirect / https://www.example.com/ 
</VirtualHost> 

<VirtualHost *:443> 
    ServerName www.example.com 
    # ... SSL configuration goes here 
</VirtualHost>

Redirect a Specific HTTP Page to HTTPS

Use this code in the .htaccess file:

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteCond %{REQUEST_URI} =/login.php 
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L]

where /login.php should be substituted with the path of the page.

Redirect All HTTP Pages to HTTPS Except One

Use this code in the .htaccess file:

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteCond %{REQUEST_URI} !^/test.php 
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L]

Here /test.php should be substituted with the path of the page.

Windows Hosting with IIS

To configure redirect on the IIS server, you should have a web.config file in your website root catalog and have to append some rules to this file. Here are some variants of the rules-based on different use cases:

Redirect the Main Domain and Its Subdomains

<?xml version="1.0" encoding="UTF-8"?> 
<configuration> 
    <system.webServer> 
        <rewrite> 
            <rules> 
                <rule name="Redirect to https" stopProcessing="true">
                    <match url="(.*)" /> 
                    <conditions> 
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" /> 
                    </conditions> 
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" /> 
                </rule> 
            </rules> 
        </rewrite> 
    </system.webServer> 
</configuration>

Redirect Only the Main Domain

<?xml version="1.0" encoding="UTF-8"?> 
<configuration> 
    <system.webServer> 
        <rewrite> 
            <rules> 
                <rule name="Redirect to https" stopProcessing="true"> 
                    <match url="(.*)" /> 
                    <conditions> <add input="{HTTPS}" pattern="off" ignoreCase="true" /> 
                        <add input="{HTTP_HOST}" pattern="^domain\.ru" /> 
                    </conditions> 
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" /> 
                </rule> 
            </rules> 
        </rewrite> 
    </system.webServer> 
</configuration>

Replace domain\.ru with your domain.

Did this answer your question?