Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

Forcing SSL with .htaccess, cPanel & CloudFlare

Forcing SSL with .htaccess, cPanel & CloudFlare

HostBasticHostBastic Member, Provider

Using the following code in your .htaccess file automatically redirects visitors to the HTTPS version of your site:

RewriteEngine On 
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you have an existing .htaccess file:

  • Do not duplicate RewriteEngine On.
  • Make sure the lines beginning RewriteCond and RewriteRule immediately follow the already-existing RewriteEngine On.

Forcing SSL via cPanel follow this steps:

  • access the redirects section
  • set permanent (301) redirect
  • choose the domain name
  • enter the site's url using the SSL certificate
  • make sure wild card redirect is selected
  • select redirect with or without www

Forcing SSL via CloudFlare follow this steps:

  • Login into your CloudFlare account, choose the domain which you wish to enforce the SSL.
  • From there select the Page Rules section and select Create Page Rules.
  • Add your URL and select Add a Setting.
  • Under Add a Setting select SSL and for SSL Settings choose Full.

HostBastic.com - Fast Webhosting | Custom VPS | Reseller | Game Servers
cPanel | CloudLinux | LiteSpeed | 100% SSD | OpenVZ | FREE SSL | DDoS Protection | 99.99% Uptime

Thanked by 1armandorg

Comments

  • joepie91joepie91 Member, Provider

    Obligatory warning that "CloudFlare SSL" is not "real" SSL/TLS, as it does not provide you with the security that TLS is meant to provide. More details are here.

    Currently offering Node.js code review, tutoring and advice and custom Node.js module development!
    Appreciate my posts/software/guides? Donate (PayPal/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

    Thanked by 2GCat HostBastic
  • cam246cam246 Member, Provider

    You may be able to do something like this in the vhosts conf file also.

  • cam246cam246 Member, Provider
    edited January 6

    Just found it

        NameVirtualHost *:80
        <VirtualHost *:80>
           ServerName www.example.com
           Redirect permanent / https://secure.example.com/
        </VirtualHost>
    
        <VirtualHost _default_:443>
           ServerName secure.example.com
           DocumentRoot /usr/local/apache2/htdocs
           SSLEngine On
        # etc...
        </VirtualHost>
    
    Thanked by 3HostBastic MikeA GCat
  • WiryawanAdipaWiryawanAdipa Member
    edited January 7

    I'm using this .htaccess for my site

    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    My question, which is the best? And what is the difference?

  • cam246cam246 Member, Provider

    @WiryawanAdipa said: I'm using this .htaccess for my site

    RewriteCond %{HTTPS} off
    > RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    My question, which is the best? And what is the difference?

    I mean they all get the job done and they all do it well. I think it's more of what do you have access to? If you don't have access to the virtual hosts then you use the .htaccess but honestly they all get the job done without any noticeable speed difference.

  • @cam246 said:

    @WiryawanAdipa said: I'm using this .htaccess for my site

    RewriteCond %{HTTPS} off
    > > RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    My question, which is the best? And what is the difference?

    I mean they all get the job done and they all do it well. I think it's more of what do you have access to? If you don't have access to the virtual hosts then you use the .htaccess but honestly they all get the job done without any noticeable speed difference.

    I mean the difference of your htaccess and my htaccess, and which is the best?

  • tr1ckytr1cky Member
    edited January 14

    @joepie91 said: Obligatory warning that "CloudFlare SSL" is not "real" SSL/TLS, as it does not provide you with the security that TLS is meant to provide. More details are here.

    Took your post seriously until I saw the recommended providers at the bottom.

    tsdns.io - free, redundant, DDoS-protected TSDNS

  • maldoviamaldovia Member
    edited January 14

    @WiryawanAdipa said: I'm using this .htaccess for my site

    RewriteCond %{HTTPS} off
    > RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    My question, which is the best? And what is the difference?

    Redirecting via apache.conf or httpd.conf is better than redirecting via .htaccess and will result in less CPU load.

  • WSSWSS Member
    edited January 14

    @maldovia said:

    @WiryawanAdipa said: I'm using this .htaccess for my site

    RewriteCond %{HTTPS} off
    > > RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    My question, which is the best? And what is the difference?

    Redirecting via apache.conf or httpd.conf is better than redirecting via .htaccess and will result in less CPU load.

    You are actually on the hook for a look up for the .htaccess file any time AuthConfig is set to do so. There are many things in Apache which make it slower - but the overhead for this is incredibly negligible and the days of SSD. The load generated is also primarily disk IO, rather than any further CPU overhead, and is less than that of an interpreted language including a local file.

    I once hupped a thread in BSD-Reno, just to watch it die.

  • GCatGCat Member

    @tr1cky said:

    @joepie91 said: Obligatory warning that "CloudFlare SSL" is not "real" SSL/TLS, as it does not provide you with the security that TLS is meant to provide. More details are here.

    Took your post seriously until I saw the recommended providers at the bottom.

    Oh good, I'm not the only one who pissed laughing at "ServerCrate"

    My comments are mine and mine alone, and do not reflect the opinion of my business

  • WickedWicked Member
    edited January 14

    Nice guide. If you use Cloudflare Free you should use .htaccess instead of Page Rules. You only have 3 rules for free so that will save you one.

    Redirect www to https

    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

    Thanked by 1Blazing
  • joepie91joepie91 Member, Provider
    edited January 14

    @GCat said:

    @tr1cky said:

    @joepie91 said: Obligatory warning that "CloudFlare SSL" is not "real" SSL/TLS, as it does not provide you with the security that TLS is meant to provide. More details are here.

    Took your post seriously until I saw the recommended providers at the bottom.

    Oh good, I'm not the only one who pissed laughing at "ServerCrate"

    I'm not really interested in pissing contests or personal vendettas regarding providers. If either of you dislike the recommendations, you're welcome to put together your own list.

    But if you heavily imply that you somehow take the rest of the article less seriously because somebody listed an option that you disagree with, despite the suggested options being unrelated to the rest of the (technical!) points made in the article... yeah, well, I'd say you have some self-reflection to do, and that the issue is probably not with the article.

    Currently offering Node.js code review, tutoring and advice and custom Node.js module development!
    Appreciate my posts/software/guides? Donate (PayPal/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

    Thanked by 1GCat
  • GCatGCat Member

    @joepie91 said:

    @GCat said:

    @tr1cky said:

    @joepie91 said: Obligatory warning that "CloudFlare SSL" is not "real" SSL/TLS, as it does not provide you with the security that TLS is meant to provide. More details are here.

    Took your post seriously until I saw the recommended providers at the bottom.

    Oh good, I'm not the only one who pissed laughing at "ServerCrate"

    I'm not really interested in pissing contests or personal vendettas regarding providers. If either of you dislike the recommendations, you're welcome to put together your own list.

    But if you heavily imply that you somehow take the rest of the article less seriously because somebody listed an option that you disagree with, despite the suggested options being unrelated to the rest of the (technical!) points made in the article... yeah, well, I'd say you have some self-reflection to do, and that the issue is probably not with the article.

    I was just taking the piss mate :p

    My comments are mine and mine alone, and do not reflect the opinion of my business

  • jtkjtk Member

    If you just want to restrict a directory to be accessible only with SSL/TLS, you could also just put SSLRequireSSL in the .htaccess file. It is not as user friendly perhaps.

  • How about IP to domain via vhost? having problems with one of my VPS.

    Religion is the most malevolent of all mind viruses. Are you already infected?

  • Using the following code in your .htaccess file automatically redirects visitors to the HTTPS version of your site:

    RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] If you have an existing .htaccess file:

    Do not duplicate RewriteEngine On. Make sure the lines beginning RewriteCond and RewriteRule immediately follow the already-existing RewriteEngine On. Forcing SSL via cPanel follow this steps:

    access the redirects section set permanent (301) redirect choose the domain name enter the site's url using the SSL certificate make sure wild card redirect is selected select redirect with or without www Forcing SSL via CloudFlare follow this steps:

    Login into your CloudFlare account, choose the domain which you wish to enforce the SSL. From there select the Page Rules section and select Create Page Rules. Add your URL and select Add a Setting. Under Add a Setting select SSL and for SSL Settings choose Full.

    Oppppps....I saw this post was posted here http://forumweb.hosting/14501-forcing-ssl-with-htaccess-cpanel-amp-cloudflare.html and showing on their homepage

    http://forumweb.hosting/

    How can you repost this content? It is not allowed by their forum rules there.

  • xcoopxcoop Member

    nice share dude..

Sign In or Register to comment.