Posted on Monday 29th April 2019
It is generally best practice to enable https on websites to prevent third parties intercepting communications between the website and the visitor, but even if https is enabled, its not forced enabling visitors to browse a website in a non protected manner.
To prevent this being an issue, we can make use of the ModRewrite within apache to detect if a website is using http rather than https and redrect to https.
Just add the following to the .htaccess file
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>You can also direct the other way, although this is not advised.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>