3

Our application needs to redirect HTTP requests to HTTPS. Normally i would use the RewriteCond as below.

RewriteCond %{HTTPS} off

The thing with our current hosting company is that the requested port is always 80. It doens't matter if we send a HTTP or HTTPS request, the $_SERVER['SERVER_PORT'] is always 80.

We can handle this in PHP, but we also want to force files to HTTPS.

So the concrete question. Is there anyway to force HTTPS in .htaccess without using RewriteCond like RewriteCond %{HTTPS} or RewriteCond %{SERVER_PORT}.

S.Pols
  • 3,414
  • 2
  • 21
  • 42
  • 1
    Are you behind an SSL terminating proxy…? Does that proxy send any indicative HTTP header informing you of the protocol used…? – deceze Nov 09 '16 at 16:49
  • You have specified the condition, but not the rule that applies to that condition. – mister martin Nov 09 '16 at 16:52
  • @deceze really good question. I think that is probably our problem. I think the server is behind a proxy. The only difference i can find in the `HTTP` response is that the `$_SERVER['HTTP_ACCEPT_ENCODING']` is different. A `HTTPS` request adds the value `br`. But I have no idea what that means and if that has something to do with it. – S.Pols Nov 09 '16 at 17:03
  • 1
    You should check with your host how to detect HTTPS. Unless the proxy forwards that information, or leaves other specific traces, this is not really doable. – deceze Nov 09 '16 at 17:52
  • @S.Pols: Does `RewriteCond %{HTTP:X-Forwarded-SSL} =off` work for you? – anubhava Nov 09 '16 at 18:16

1 Answers1

4

Your situation is not that uncommon. Try this (X-Forwarded-Proto is de facto standard for identifying the originating protocol of an HTTP request):

RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
Dusan Bajic
  • 10,249
  • 3
  • 33
  • 43