Apache mod_rewrite: rewriting URLs based on HTTPS vs. HTTP

October 29, 2008

On occasion it’s helpful to be able to pass both SSL and non-SSL requests through the same Apache configuration file.  Using mod_write‘s RewriteCond and RewriteRule, you can perform URL rewriting differently depending on whether or not the connection is via HTTPS:

# For SSL connections %{HTTPS} is "on" -- the following will
# permanently redirect all non-SSL requests from remote sites to SSL
RewriteCond %{HTTPS} !on
RewriteCond %{REMOTE_ADDR} !127.0.0.1
RewriteRule (.*) https://example.com$1 [L,R=301]

The first condition is true if HTTPS is not on (the exclamation mark negates the condition).  The second condition is true for any remote address other than 127.0.0.1.  Since consecutive RewriteCond statements are AND’ed, the RewriteRule will only be applied to remote non-SSL requests and will permanently redirect (with HTTP code 301) all requests to an https address.

Tags