Apache: Redirect http to https Apache secure connection – force HTTPS
Connections
<http://www.cyberciti.biz/tips/category/apache/>
Let us say you have webmail sub-domain called http://mail.innovationframes.com and
you would like to redirect it to https secure connection i.e.
https://mail.innovationframes.com.
This will help you protect user privacy and sensitive information such as
username and password remotely.
So how do you configure your Apache web server so that you prevent your web
sites from being accessed without encryption?
Redirect http to https Apache Configuration
First make sure Apache is configured for HTTPS connection and necessary SSL
certificates are installed.
No non-ssl access i.e. only accept https connections
Now open httpd.conf or .htaccess file (mod_rewrite not required):
# vi httpd.conf
Append following line :
Redirect permanent / https://mail.innovationframes.com/
Any request made to http://mail.innovationframes.com will goto
https://mail.innovationframes.com/
Save and close the file. Restart the Apache:
# /etc/init.d/httpd restart
This is easiest way to ensure that your normal user never use plain text
HTTP protocol to send data. Now this makes it much harder to sniff sensitive
data.
Force webmail login over SSL https session
So if you want force users to access their webmail through https, add
following configuration to .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Make sure you have something as follows in httpd.conf (mod_rewrite support):
LoadModule rewrite_module modules/mod_rewrite.so