I've been struggling for a while to find a method of using .htaccess to force HTTPS on my website. Any way I've tried has resulted in a redirect loop. I found a PHP alternative and amended it to suit my webserver, but I'd like the .htaccess equivalent if anybody could help.
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] != "https") {
header("HTTP/1.1 301 Moved Permanently");
$location = "https://" . $_SERVER[HTTP_HOST] . $_SERVER[REQUEST_URI];
header("Location: $location");
exit;
}
You can use this rule in your root .htaccess:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301,NE]