Redirecting Website Users to a Secure Connection

By

This article was published in the print magazine Drupal Watchdog, Volume 6 Issue 3, Winter 2016, on page 9, by Linux New Media.

Major web applications are increasingly forcing visitors to connect to their websites using the cryptographic protocols of Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). In fact, Google Search is rewarding such sites in their indexing algorithm. If your site account has a valid TLS/SSL certificate, you too can compel visitors to connect securely. In the HTTP access file (.htaccess) in your site's root directory, find the line of code RewriteEngine on and after it, insert the following two lines:


RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

The first line limits the actions of the second to rewrite the user's URL only if the connection is not already utilizing HTTPS.

Copyright © 2016 Michael J. Ross. All rights reserved.