This article adds more depth on our original article "How to force HTTPS connections"
Creating a .htaccess file
Before you can add rewrite rules and all that fun stuff you first need to create the file. If you are using our shared hosting then go to your public_html folder and create a new file called .htaccess .
This is a dot file and by default these are hidden, any file starting with a dot will automatically be hidden. Make sure that you enable hidden or dot file viewing on cPanel or your FTP settings.
Force HTTPS
HTTPS is a secure extension of HTTP. Together with SSL it maintains privacy and data integrity across your website. Popular browsers like Chrome and Firefox will flag sites as untrustworthy or dangerous if these protocols aren't enabled or if you have an expired SSL certificate. You can learn more about SSL certificates here.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]Force HTTPS on a Specific Folder
Make sure when using the below code that folder references the actual directory names.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Remove .php extension from URL
We are going to use the RewriteEngine and RewriteConditions to enable friendly URLs. This is extremely helpful if you are using php files for your webpage. You will need the following code:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]Remove .html extension from URL
This is the same as above but we have changed the last line
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.html [NC,L]Adding a trailing slash
In the below code the first four lines are responsible for removing the .php extension. The following lines will add the desired trailing slash. If you want this code to apply to your .html files then modify as needed.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)/$ $1.php
RewriteRule ^([^/]+)/([^/]+)/$ /$1/$2.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$
RewriteRule (.*)$ /$1/ [R=301,L]Not working?
On some hosting providers like GoDaddy you might need to add an additional line at the top of your .htaccess file.
Options +MultiViewsSEO Optimisation
If you are worried about search engines indexing your redirects as duplicate content then you can add a <canonical> meta ta in the <head> section of your pages.
<link rel="canonical" href="https://example.com/blog/example" />Authentication
You can use the file to setup security measures. By creating a file called .htpasswd you can authenticate users. Adding this will create a password portal that prompts site visitors to enter a password to access certain sections of the website. For security reasons make sure this file is not in the main directory.
Useful Link: Htpasswd generator (third party link)
Insert the generated code into your .htpasswd file. Whilst in your .htaccess insert the following code, replacing example.file with your actual file name and username with your cPanel username. If you aren't using cPanel then modify AuthUserFile as needed.
<FilesMatch "example.file">
AuthName "Member Only"
AuthType Basic
AuthUserFile /home/username/.htpasswd
require valid-user
</FilesMatch>You can protect more than one file by using wildcard names. On the FilesMatch in the previous code you can try the below individual lines
<FilesMatch "*.html">
<FilesMatch "file.*">
<FilesMatch "*.*"> 