How to force SSL (https) on Apache Location

Solution 1:

Its not a hack. here's a quick breakdown for you:

# Turn on Rewriting
RewriteEngine on 

# Apply this rule If request does not arrive on port 443
RewriteCond %{SERVER_PORT} !443 

# RegEx to capture request, URL to send it to (tacking on the captured text, stored in $1), Redirect it, and Oh, I'm the last rule.
RewriteRule ^(.*)$ https://www.x.com/dir/$1 [R,L]

Solution 2:

We use a slightly different, but mostly equivalent syntax. Rather than checking the port the request was received on, we check that HTTPS isn't being used. And we use the %{HTTP_HOST} environment variable rather than hardcoding the host name.

  RewriteEngine              On
  RewriteCond     %{HTTPS}   Off
  RewriteRule     .*         https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

I like this approach a little better, because it works when Apache is listening on non-standard ports. There could be a problem with using %{HTTP_HOST} if your site is behind a proxy, but we haven't tried that yet.

Solution 3:

Try

 <Location />
    SSLRequireSSL
 </Location>

Solution 4:

We define everything with name Virtual hosts. Then, if you are within a <Virtualhost *:80> definition, you don't have to check if it is not port 443, you already know it's not. You Can then just force everything that hits 80 over to 443 with a rule like:

RewriteEngine On
RewriteRule ^(.)$ https://www.yourdomain.com/$1 [R,L]

Solution 5:

Additionally to the already mentioned redirect you might want to add the SSLRequireSSL directive to your Location container which will deny access if you do not use an HTTPS connection. However, the solution with a VirtualHost for your SVN site which only listens on *:443 is more elegant.