If you have a secure certificate (SSL) on your website, you can automatically redirect visitors to your website's secured (HTTPS) version to make sure their information is protected.
How you redirect traffic depends on the hosting you have.
Linux Hosting with Apache
To configure redirect on Apache server, you should have a .htaccess file in your website root catalog and have to append some rules to this file. Here are some variants of the rules-based on different use cases:
Redirect All HTTP Pages to HTTPS Ones
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L]
If that doesn’t help and the redirect loop occurs, try this one:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Also, there is the third variant, recommended by Apache documentation. It is more appropriate if you have access to the main server configuration file. You should add the code to the virtual host config and not to the .htaccess file:
<VirtualHost *:80>
ServerName www.example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
</VirtualHost>
Redirect a Specific HTTP Page to HTTPS
Use this code in the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} =/login.php
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L]
where /login.php
should be substituted with the path of the page.
Redirect All HTTP Pages to HTTPS Except One
Use this code in the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/test.php
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L]
Here /test.php
should be substituted with the path of the page.
Windows Hosting with IIS
To configure redirect on the IIS server, you should have a web.config file in your website root catalog and have to append some rules to this file. Here are some variants of the rules-based on different use cases:
Redirect the Main Domain and Its Subdomains
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Redirect Only the Main Domain
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions> <add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="^domain\.ru" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Replace domain\.ru
with your domain.