Forcing the domain to serve securely using HTTPS (for any site)

The following forces any http request to be rewritten using https. For example, the following code forces a request to http://example.com to load https://example.com. It also forces directly linked resources (images, css, etc.) to use https:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

If this isn't working for you, first check your line endings. Copy/paste from your web browser into a text editor may not work right, so after pasting into your text editor you should delete each line break and add it back in (line break = return key).

 

Steps for cPanel

The file itself can be found if you go to cPanel >> File Manager. There, find the document root of your website. For primary cPanel domains, the folder is usually ‘public_html’. If the website is an add-on, you can look up its document root in Addon domains section.

When you find the folder, the .htaccess file may already be there. To double-check it, click Settings in the top-right corner and tick Show hidden files (dotfiles).

If the file did not appear, feel free to create it by clicking +File. Make sure to name the file .htaccess, starting with the dot.

To open the file, right-click it, then click Edit. In the next pop-up window, click Edit as well.

Now add the following code to the top of .htacess file

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"
Esta resposta foi útil? 0 Utilizadores acharam útil (0 Votos)