Force HTTPs (SSL) for the URL displayed by the web browser

This guide explains how to redirect all visitors to a secure HTTPS (SSL) version of a site on Infomaniak Web Hosting.

Prerequisites

• Have a valid and functional SSL certificate for the Infomaniak website

Manual Redirection via .htaccess File

Simply modify or add the following 3 lines to the .htaccess file of the relevant website to ensure that all visitors are automatically directed to its secure HTTPS version:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://domain.xyz/$1 [R=301,L]

If Problems Arise

• Replace the second line of the code above with RewriteCond %{HTTP:X-Forwarded-Proto} !https

With a CMS

Most web applications like WordPress and Joomla have extensions/plugins that automatically redirect site visitors to its secure HTTPS version.

WordPress

If you are using a content management system (CMS) like WordPress to build your site, we recommend installing an extension to handle this redirection:

1. Back up the site's files and database as a precaution
2. Install the Really Simple SSL extension or similar from the WordPress console and activate it
3. Visitors will now be automatically redirected to the HTTPS version of the site
4. If issues persist (after clearing cache, etc.), you may also use Velvet Blues Update URLs

Joomla

1. Find the line

   var $live_site ='';

   in the Joomla configuration file (configuration.php) on the server

2. Replace with

   var $live_site = 'https://www.domain.xyz';

3. Add three lines to your .htaccess file on the server:

   RewriteEngine On
   RewriteCond %{HTTPS} OFF
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

4. Open the Joomla administration panel in "System - Configuration"
5. Click on the "Server" tab and under "Force SSL" select "Administration and site"
6. Save and visitors will now be automatically redirected to the HTTPS version of the site

Prestashop

1. Go to the general settings in the Prestashop back-office to enable SSL:
   1. < v1.7 click on "Preferences" then "General"
   2. > v1.7 click on "Shop Parameters" then "General"
2. Toggle the "Enable SSL" button to "YES"
3. Click on "Save"
4. In the same place, toggle the "Enable SSL on all pages" button to "YES"
5. Click on "Save"

If a security lock does not appear in the browser or a warning is displayed, check the template or modules as sometimes they may not be fully compatible with SSL. Your Prestashop might be loading elements (images, .css or .js files, fonts...) over "http" when they should now be loaded over "https".

Drupal

This article (in English) explains how to switch a Drupal site from http to https.

Alternative Solutions

In your .htaccess file, to force the site URL to be https:// but without www :

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteRule (.*) https://domain.xyz/$1 [R=301,L]

In the case of a redirection loop, adjust the code above to:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteRule (.*) https://domain.xyz/$1 [R=301,L]

In your .htaccess file, to force redirection with www

with subdomains:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

In the case of a redirection loop, adjust the code above to:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

and without subdomains:

RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^domain.xyz [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

In the case of a redirection loop, adjust the code above to:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTP_HOST} ^domain.xyz [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

Common Errors with HTTPS Redirection

To resolve common issues that may arise from redirecting your website to its secure HTTPS version, consult this guide (click here).