Created
June 29, 2023 20:43
-
-
Save nathnolt/a9397d94bae17cacafbcf42238f2d002 to your computer and use it in GitHub Desktop.
Apache Rewrite to HTTPS only when supported by browser vhosts / htaccess
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I only have used it inside of my vhosts file, but I think it should also work in .htaccess | |
| RewriteEngine on | |
| # rewrite to https. | |
| # ----------------- | |
| # %{HTTP:X-Forwarded-Proto} !https: This condition checks if the X-Forwarded-Proto header is not set to https. | |
| # The X-Forwarded-Proto #header is typically set by proxies or load balancers to indicate the original protocol | |
| # used for the request. By checking this header, # you can ensure that the redirect only occurs if the request | |
| # is not already using HTTPS. | |
| RewriteCond %{HTTP:X-Forwarded-Proto} !https | |
| # %{HTTP:Upgrade-Insecure-Requests} ^1$: This condition checks if the Upgrade-Insecure-Requests header is set to 1. | |
| # The Upgrade-Insecure-Requests header is sent by modern browsers that support HTTPS and can automatically upgrade | |
| # an insecure request to a secure one. By checking this header, you can verify if the browser supports HTTPS and | |
| # wants to upgrade the request to HTTPS. | |
| RewriteCond %{HTTP:Upgrade-Insecure-Requests} ^1$ | |
| RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This makes it possible to use your website with browsers which don't support https
Not sure if it also works for browsers which support an older version of https