Forcing SSL with .htaccess, cPanel & CloudFlare

HostBastic Member, Host Rep

Using the following code in your .htaccess file automatically redirects visitors to the HTTPS version of your site:

RewriteEngine On 
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you have an existing .htaccess file:

  • Do not duplicate RewriteEngine On.
  • Make sure the lines beginning RewriteCond and RewriteRule immediately follow the already-existing RewriteEngine On.

To force SSL via cPanel, follow these steps:

  • access the redirects section
  • set permanent (301) redirect
  • choose the domain name
  • enter the site's url using the SSL certificate
  • make sure wild card redirect is selected
  • select redirect with or without www

To force SSL via CloudFlare, follow these steps:

  • Log in to your CloudFlare account and choose the domain on which you wish to enforce SSL.
  • From there select the Page Rules section and select Create Page Rules.
  • Add your URL and select Add a Setting.
  • Under Add a Setting select SSL and for SSL Settings choose Full.
Thanked by 1armandorg
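
A check for the redirect this post sets up, added here as an example and not part of the original post: it reads the text printed by `curl -sI` and reports where the response differs from a permanent redirect to the same path over HTTPS. The function names, the `canonical_host` parameter (for the "with or without www" choice) and the sample responses are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_head(raw):
    """Split the text printed by `curl -sI URL` into (status, headers)."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])          # "HTTP/1.1 301 Moved ..." -> 301
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_force_https(request_url, raw_response, canonical_host=None):
    """Return a list of problems; an empty list means the redirect is as intended."""
    req = urlsplit(request_url)
    status, headers = parse_head(raw_response)
    location = headers.get("location")
    if req.scheme == "https":
        # "RewriteCond %{HTTPS} off" must not match an HTTPS request. A redirect
        # back to the same URL means the server never sees HTTPS as on.
        if status in (301, 302) and location == request_url:
            return ["redirect loop on an HTTPS request"]
        return []
    problems = []
    if status != 301:
        problems.append(f"expected 301, got {status}")
    if location is None:
        return problems + ["no Location header"]
    loc = urlsplit(location)
    if loc.scheme != "https":
        problems.append("Location is not https")
    want_host = (canonical_host or req.netloc).lower()
    if loc.netloc.lower() != want_host:
        problems.append(f"Location host is {loc.netloc}, expected {want_host}")
    if (loc.path or "/", loc.query) != (req.path or "/", req.query):
        problems.append("path or query string not preserved")
    return problems

# Constructed sample responses (not captured from a real site).
GOOD = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/login?next=%2F\r\n\r\n"
PLAIN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
LOOP = "HTTP/2 301\r\nlocation: https://example.com/\r\n\r\n"

if __name__ == "__main__":
    print(check_force_https("http://example.com/login?next=%2F", GOOD))
    print(check_force_https("http://example.com/", PLAIN))
    print(check_force_https("https://example.com/", LOOP))
```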

Comments

  • joepie91 Member, Patron Provider

    Obligatory warning that "CloudFlare SSL" is not "real" SSL/TLS, as it does not provide you with the security that TLS is meant to provide. More details are here.

    Thanked by 2GCat HostBastic
  • CamCam Member, Patron Provider

    You may be able to do something like this in the vhosts conf file also.

  • CamCam Member, Patron Provider
    edited January 2017

    Just found it

        NameVirtualHost *:80
        <VirtualHost *:80>
           ServerName www.example.com
           Redirect permanent / https://secure.example.com/
        </VirtualHost>
    
        <VirtualHost _default_:443>
           ServerName secure.example.com
           DocumentRoot /usr/local/apache2/htdocs
           SSLEngine On
        # etc...
        </VirtualHost>
    
    Thanked by 3HostBastic MikeA GCat
  • WiryawanAdipa Member
    edited January 2017

    I'm using this .htaccess for my site

    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    My question, which is the best? And what is the difference?

  • CamCam Member, Patron Provider

    @WiryawanAdipa said:
    I'm using this .htaccess for my site

    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    My question, which is the best? And what is the difference?

    I mean they all get the job done and they all do it well. I think it's more of what do you have access to? If you don't have access to the virtual hosts then you use the .htaccess but honestly they all get the job done without any noticeable speed difference.

  • @cam246 said:

    @WiryawanAdipa said:
    I'm using this .htaccess for my site

    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    My question, which is the best? And what is the difference?

    I mean they all get the job done and they all do it well. I think it's more of what do you have access to? If you don't have access to the virtual hosts then you use the .htaccess but honestly they all get the job done without any noticeable speed difference.

    I mean the difference of your htaccess and my htaccess, and which is the best?

  • tr1cky Member
    edited January 2017

    @joepie91 said:
    Obligatory warning that "CloudFlare SSL" is not "real" SSL/TLS, as it does not provide you with the security that TLS is meant to provide. More details are here.

    Took your post seriously until I saw the recommended providers at the bottom.

  • maldovia Member
    edited January 2017

    @WiryawanAdipa said:
    I'm using this .htaccess for my site

    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    My question, which is the best? And what is the difference?

    Redirecting via apache.conf or httpd.conf is better than redirecting via .htaccess and will result in less CPU load.

  • WSS Member
    edited January 2017

    @maldovia said:

    @WiryawanAdipa said:
    I'm using this .htaccess for my site

    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    My question, which is the best? And what is the difference?

    Redirecting via apache.conf or httpd.conf is better than redirecting via .htaccess and will result in less CPU load.

    You are actually on the hook for a lookup for the .htaccess file any time AuthConfig is set to do so. There are many things in Apache which make it slower - but the overhead for this is incredibly negligible in the days of SSD. The load generated is also primarily disk IO, rather than any further CPU overhead, and is less than that of an interpreted language including a local file.

  • @tr1cky said:

    @joepie91 said:
    Obligatory warning that "CloudFlare SSL" is not "real" SSL/TLS, as it does not provide you with the security that TLS is meant to provide. More details are here.

    Took your post seriously until I saw the recommended providers at the bottom.

    Oh good, I'm not the only one who pissed laughing at "ServerCrate"

  • Wicked Member
    edited January 2017

    Nice guide. If you use Cloudflare Free you should use .htaccess instead of Page Rules. You only have 3 rules for free so that will save you one.

    Redirect www to https

    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

    Thanked by 1Blazing
  • joepie91 Member, Patron Provider
    edited January 2017

    @GCat said:

    @tr1cky said:

    @joepie91 said:
    Obligatory warning that "CloudFlare SSL" is not "real" SSL/TLS, as it does not provide you with the security that TLS is meant to provide. More details are here.

    Took your post seriously until I saw the recommended providers at the bottom.

    Oh good, I'm not the only one who pissed laughing at "ServerCrate"

    I'm not really interested in pissing contests or personal vendettas regarding providers. If either of you dislike the recommendations, you're welcome to put together your own list.

    But if you heavily imply that you somehow take the rest of the article less seriously because somebody listed an option that you disagree with, despite the suggested options being unrelated to the rest of the (technical!) points made in the article... yeah, well, I'd say you have some self-reflection to do, and that the issue is probably not with the article.

    Thanked by 1GCat
  • @joepie91 said:

    @GCat said:

    @tr1cky said:

    @joepie91 said:
    Obligatory warning that "CloudFlare SSL" is not "real" SSL/TLS, as it does not provide you with the security that TLS is meant to provide. More details are here.

    Took your post seriously until I saw the recommended providers at the bottom.

    Oh good, I'm not the only one who pissed laughing at "ServerCrate"

    I'm not really interested in pissing contests or personal vendettas regarding providers. If either of you dislike the recommendations, you're welcome to put together your own list.

    But if you heavily imply that you somehow take the rest of the article less seriously because somebody listed an option that you disagree with, despite the suggested options being unrelated to the rest of the (technical!) points made in the article... yeah, well, I'd say you have some self-reflection to do, and that the issue is probably not with the article.

    I was just taking the piss mate :p

  • jtk Member

    If you just want to restrict a directory to be accessible only with SSL/TLS, you could also just put SSLRequireSSL in the .htaccess file. It is not as user friendly perhaps.

  • How about IP to domain via vhost? Having problems with one of my VPS.

  • Using the following code in your .htaccess file automatically redirects visitors to the HTTPS version of your site:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    If you have an existing .htaccess file:

    Do not duplicate RewriteEngine On.
    Make sure the lines beginning RewriteCond and RewriteRule immediately follow the already-existing RewriteEngine On.
    Forcing SSL via cPanel follow this steps:

    access the redirects section
    set permanent (301) redirect
    choose the domain name
    enter the site's url using the SSL certificate
    make sure wild card redirect is selected
    select redirect with or without www
    Forcing SSL via CloudFlare follow this steps:

    Login into your CloudFlare account, choose the domain which you wish to enforce the SSL.
    From there select the Page Rules section and select Create Page Rules.
    Add your URL and select Add a Setting.
    Under Add a Setting select SSL and for SSL Settings choose Full.

    Oppppps....I saw this post was posted here http://forumweb.hosting/14501-forcing-ssl-with-htaccess-cpanel-amp-cloudflare.html and showing on their homepage

    http://forumweb.hosting/

    How can you repost this content? It is not allowed by their forum rules there.

  • nice share dude..
