I've got an Apache server with 2 Drupal sites: www.myserver.com and secure.myserver.com. At the moment a user can access either site with http:// or https://. That's fine for the www site - I'm happy for them to access that with either http or https protocol. However, if they try to access the secure site with the http protocol I'd like to immediately and transparently redirect them to https://secure.myserver.com/.

Loads of sites do this, but I've no idea how it's done. Is it done at the Apache level or the Drupal level? Can anyone point me to something that explains how I do it?

Comments

anner’s picture

I do it in apache. I don't think it can be done inside drupal, but maybe. I do it directly in httpd.conf, but you can probably do it in .htaccess. My rewrite rule looks like this:

RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://secure.mysite.net/ [R]
thrice’s picture

Rewrite rules aren't my thing, but that appears to send any access that doesn't go via port 443 to the secure site. That's not quite what I need. The www. site is fine by both port 80 and port 443. The secure site should be 443 only. So what I need is a rule that does the rewrite if the port is not 443 and the requested site is www.myserver.com.

Is it possible to add another RewriteCond that checks the requested URL for the 'www.' bit, or something?

anner’s picture

Yep, absolutely. you might try:

RewriteEngine on
RewriteCond %{HTTP_HOST}   !^secure\.yourserver\.name [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*)         https://secure.yourserver.name

If that doesn't work try google-ing rewrite rules apache. There is lots of info out there.

thrice’s picture

A varient of that was exactly what I was after, thanks. :o)