Apache Redirect

Make sure when you access a website, it is secure. It is important to add ‘https’ to a URL every time. It is therefore essential to enable automatic redirect from HTTP to HTTPS. 

Various modules need to be enabled to activate this redirect:

In Debian-based Ubuntu OS, run these commands:

sudo a2enmod rewrite

sudo a2enmod SSL

To enable SSL module in CentOS, run these command:

yum install mod_ssl

The rewrite module configured by default on these operating systems shown by the following line in the main config file:

LoadModule rewrite_module modules/mod_rewrite.so

However, if it is available, install the module by running:

sudo yum install mod_rewrite

If both modules are enabled, you see this message:

yum example if package is already installed
yum example if package is already installed

Enabling Apache Redirect

There are several methods to do this:

  • Enabling redirect in the virtual host file
  • Enabling redirect in the .htaccess file created in the webroot folder
  • Using mod_rewrite rule in the virtual host file
  • Using redirect in the .htaccess file to force HTTPS

Enabling Redirect in the Virtual Host File

Enabling redirect in the host file is usually safer and simple as it applies to all systems. There are usually two virtual files in Apache: one is for the non-secure port 80 while the other is for the secure port 443.

Port 80

<VirtualHost *:80>
    ServerName www.yourdomain.com
    DocumentRoot /usr/local/apache2/htdocs
    Redirect permanent /secure https://yourdomain.com/secure
</VirtualHost>

Port 443

<VirtualHost _default_:443>
    ServerName www.yourdomain.com
    DocumentRoot /usr/local/apache2/htdocs
    SSLEngine On
    ...
</VirtualHost>

 /secure is the directory you would like Apache to force https for.

Enabling a permanent redirect to HTTPS for all pages

<VirtualHost *:80>
    ServerName www.yourdomain.com
    Redirect permanent / https://www.yourdomain.com/
</VirtualHost>
<VirtualHost _default_:443>
    ServerName www.yourdomain.com
    DocumentRoot /usr/local/apache2/htdocs
    SSLEngine On
    ...
</VirtualHost>

Use .htaccess to Redirect to HTTPS

In the root folder, find the .htaccess file and put the following command in:

Redirect permanent /secure https://www.yourdomain.com/secure

Using mod_rewrite rule in the virtual host file

This is recommended for experienced users as configuration can be different on different systems.

Redirect for certain pages

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?secure/(.*) https://%{SERVER_NAME}/secure/$1 [R,L]

Redirect for all directories 

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Note: 

Add =301 to the brackets in the R-flag to set the redirect to permanent. Your website now has HTTPS by default.

All the commands mentioned above are related only to Debian-based Linux systems such as Ubuntu. For other systems, contact your server/hosting provider or use the server help files. The above document provides all the necessary information you need for Ubuntu.

Categories:

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *