Hypertext Access file Rewriting and Redirecting http and https redirects and HSTS configuration


Example

Generic redirect to https:

# Enable Rewrite engine
RewriteEngine on

# Check if URL does not contain https
RewriteCond %{HTTPS} off [NC]
# If condition is true, redirect to https
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]

Generic redirect to http:

# Enable Rewrite engine
RewriteEngine on

# Check if URL does contain https
RewriteCond %{HTTPS} on [NC]
# If condition is true, redirect to http
RewriteRule (.*) http://%{SERVER_NAME}/$1 [R=301,L]

Forcing HTTPS connection (HSTS):

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>

where, the includeSubDomains option can be removed, if HSTS should be applied only to the base domain, or the domain with the above configuration.