http to https redirect infinite loop problem

If you want to force ssl on your website and for some reason you can’t do it in vhost config directly, you got 3 ways to do it in htaccess.
Changes are you got a good hosting and all 3 will work for you ( for example on your own VPS ). Then there are some hostings without modssl, or with load balancers and then some of these generic rules, that work for 99% people out there will end up in endless loop.

Best to try all 3 of them, one by one and see which one works for you.

htaccess ssl redirect by %{HTTPS} variable

1st version – the most basic, works on most hostings

<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

htaccess ssl redirect by port number

2nd version – if server is using apache without modssl, then %{HTTPS} value will always be ‘off’ and therefore the rule above will cause infinite loop. Use this version instead – it checks server port instead of ^{HTTPS} variable.
It works great on websupport.sk

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{SERVER_PORT} !^80$
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

htaccess https redirect infinite loop

3rd version – if all 2 above end in infinite loop, chances are your hosting is using some kind of load balancer.
Try this version then:

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTP:X-Forwarded-Proto} !https
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Laravel force ssl

If you are doing this on Laravel project, make sure you put this in root folder. Very often your root folder will have 4 line htaccess file which redirects everything into public folder. That’s where you need to put this. Do not put http->https rules into public folder’s htaccess, unless that is your root folder as well ( on VPS for example )

Write a Comment

Comment