SSL (Secure Socket Layer) is used for secured communication over the internet. This is mainly used by services such as banking, e-commerce, etc., and lately it’s also available on social networking sites such as Facebook and Twitter to prevent eavesdropping. Here I will show how you can force HTTPS browsing for users on your whole site, a particular folder or a particular page like the login page.
In order to make your website SSL enabled, you need a certificate (you can buy one from www.verisign.com), mod_rewrite module enabled server and access to .htaccess. When you have all three, open htaccess in an editor.
To always redirect a user to secure connection (https://), add the following lines to the .htaccess file:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ [R,L]Here, the .htaccess should be located in root directory of your server.
To enable HTTPS only for a particular folder, use this:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} foldername
RewriteRule ^(.*)$ [R,L]Here, the .htaccess file should be placed inside the directory where you need to enable HTTPS.
To enable HTTPS only on a page or two, you can use the following rewrite rules:
RewriteRule ^page1(.*) https://%{SERVER_NAME}/page1$1 [R,L]
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}