Redirect HTTP to HTTPS in Apache
Introduction
HTTPS is used to secure communication between the user’s browser and the web server. It helps protect sensitive information such as usernames, passwords, contact form data, and payment details by encrypting the connection.
If a website is accessible through both HTTP and HTTPS, users may still open the non-secure HTTP version. To avoid this, we can configure Apache to automatically redirect all HTTP requests to HTTPS.
For example:
http://mail.example.com
will be redirected to:
https://mail.example.com
This ensures that users always access the website through a secure HTTPS connection.
Prerequisites
Before configuring the HTTP to HTTPS redirect, make sure the following requirements are completed:
- Apache web server must be installed and running.
- The domain or subdomain must be properly pointed to the server.
- A valid SSL certificate must be installed for the domain.
- HTTPS must be working correctly before applying the redirect.
- Apache rewrite module should be enabled if using
.htaccess. - You must have access to either:
.htaccessfile, or- Apache virtual host configuration file.
- Backup the existing configuration file before making any changes.
Implementation
Method 1: Redirect HTTP to HTTPS Using .htaccess
If you are using shared hosting or cPanel, you can add the redirect rule inside the .htaccess file.
Open the .htaccess file from the website document root, usually:
/public_html/.htaccess
Add the following rules:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Explanation
| Rule | Description |
|---|---|
| RewriteEngine On | Enables Apache rewrite rules. |
| RewriteCond %{HTTPS} off | Checks whether the current request is not using HTTPS. |
| RewriteRule | Redirects the request to the HTTPS version of the same URL. |
| R=301 | Performs a permanent redirect. |
| L | Stops processing further rewrite rules. |
Method 2: Redirect HTTP to HTTPS Using Apache Virtual Host
If you have root or server-level access, you can configure the redirect directly in the Apache virtual host file.
Open the Apache configuration file for the domain.
Example path:
/etc/apache2/sites-available/example.com.conf
Add or update the port 80 virtual host:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
For a subdomain such as webmail or mail:
<VirtualHost *:80>
ServerName mail.example.com
Redirect permanent / https://mail.example.com/
</VirtualHost>
After updating the configuration, check the Apache syntax:
apachectl configtest
If the syntax is correct, restart Apache:
systemctl restart apache2
For CentOS/RHEL-based servers, use:
systemctl restart httpd
Verification
After applying the redirect, open the HTTP version of the website in a browser:
http://example.com
It should automatically redirect to:
https://example.com
You can also verify using the command line:
curl -I http://example.com
Expected result:
HTTP/1.1 301 Moved Permanently Location: https://example.com/
Conclusion
Redirecting HTTP to HTTPS in Apache ensures that all users access the website through a secure encrypted connection. This improves website security, protects sensitive user information, and helps avoid browser “Not Secure” warnings.
The redirect can be configured using either the .htaccess file or the Apache virtual host configuration. For shared hosting or cPanel users, the .htaccess method is commonly used. For server administrators, configuring the redirect in the Apache virtual host file is the recommended method.
