Forcing to use HTTPS

By drleung , 19 March 2026

One way to force the use of HTTPS protocol for site access (instead of using the HTTP protocol, an unsecured counterpart) is to take advantage of the server .htaccess file. It's a configuration file that web servers (primarily Apache) use to control how your website behaves. Think of it as a set of instructions that the web server follows without needing to contact your website's main configuration file.

To force a site to use HTTPS protocol, one can add the following code to the .htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Please note the .htaccess is a hidden file. Make sure you have set hidden file visible in your file manager before managing it.

Tags

Comments

© 2026 drleung.net All Rights Reserved. All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.