If you wish to redirect users from the non-secure site to the SSL site, you can use the RewriteEngine directive inside the non-secure VirtualHost in your configuration (vhost.conf) of apache web server:
#Ensure mod_rewrite.so module is loaded
LoadModule rewrite_module modules/mod_rewrite.so
<VirtualHost *:80>
ServerName www.domain.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTPS} off
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301]
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
- The RewriteEngine On directive will enable the Rewrite capabilities.
- The RewriteCond %{HTTPS} !=on directive checks to make sure the connection is not already HTTPS.
Make sure you that you already have preconfigured the VitualHost for 443 for the same ServerName (/etc/httpd/conf.d/ssl.conf):
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName www.domain.com
SSLEngine on
SSLCertificateFile /path/to/www.example.com.cert
SSLCertificateKeyFile /path/to/www.example.com.key
<Location/>
SSLRequireSSL
</Location>
</VirtualHost>
Require SSL for a sub-section
It’s possible to force HTTPS for a specific sub-section of a site instead of the entire site.
The rule below will redirect all users who are using any part of /secure/ to the same location but using HTTPS.
i.e. http://www.example.com/secure/ to https://www.example.com/secure/
RewriteRule ^/?secure/(.*) https://%{SERVER_NAME}/secure/$1 [R,L]
Using the Redirect directive
You can also use the Redirect directive to pass to SSL.
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mysite.example.com
Redirect permanent /secure https://mysite.example.com/secure
</VirtualHost>
Note: redirect can also be used inside .htaccess files