Drupal Force HTTPS (ssl)

By shane
Fri, 2012-04-13 11:24
comments

Share with Others

There may come a time where you need to force a user to see your site under HTTPS. If you only have one site on the server, you can easily add something like this to your apache config file:


Redirect permanent / https://www.domainname.com/

However, in the case that you have multiple websites on your server, and you only need Apache to force a redirect on one of your Drupal sites, this changes things. In order to get this setup, you will need to edit the .htaccess file inside your Drupal root folder for this website (note: multi-site installations may be slightly different).

Inside the .htaccess file, you will need to add something like this (replacing your domain name as needed):


RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^domainname\.com*
RewriteRule ^(.*)$ https://www.domainname.com/$1 [L,R=301]

These rewrite conditions should be placed after the following lines:


<IfModule mod_rewrite.c >
RewriteEngine on

In the example above, I am forcing a user to be redirected to https://www.domainname.com regardless of whether they originally navigated to domainname.com or www.domainname.com

Adding the SSL certificate to the subdomain (in this case www), allows you to set up the SSL without a dedicated IP address for this site. This may work well in some shared hosting environments.