Enforcing HTTPS

Today, I’ve had fun with Apache.

I obtained an SSL certificate for my domain and added it through my hosting provider’s admin panel.

Instantly, I got an idea — why not add an automatic HTTP to HTTPS redirect? This would mean that anyone, who would visit my site through an insecure connection would be automatically redirected and forced to use a secure connection.

My code (for .htaccess) looked like this:

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Everything checks for now. However, after uploading this config, unpleasant surprise awaited me.

Continue reading “Enforcing HTTPS”