Redirect Request to SSL on Apache

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs
   Redirect /secure https://mysite.example.com/secure
</VirtualHost>

<VirtualHost _default_:443>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

When redirecting everything you don’t even need a DocumentRoot:

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName www.example.com
   Redirect / https://secure.example.com/
</VirtualHost>

<VirtualHost _default_:443>
   ServerName secure.example.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

Note: Once the configuration is working as intended, a permanent redirection can be considered. This avoids caching issues by most browsers while testing. The directive would then become:

Redirect permanent / https://secure.example.com/

—————

<Directory /topsecret>
  SSLRequireSSL
</Directory>

References
https://wiki.apache.org/httpd/RedirectSSL
https://serverfault.com/questions/429634/restrict-apache-to-only-allow-access-using-ssl-for-some-directories
https://www.tecmint.com/redirect-http-to-https-on-apache/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.