Force https (SSL) using .htaccess and mod_rewrite for XenForo

​

As we known, Google has announced that going HTTPS — adding a SSL 2048-bit key certificate on your site — will give you a minor ranking boost. And now, Brivium will tell you how to force https using .htaccess and mod_rewrite for XenForo that we installed on our official website. Force https and enabling it on your XenForo site will allow to log in with the secure “https” protocol instead of the standard “http” prefix.

This tip assumes that you have already installed SSL on your hosting server. If not, first you have to purchase a Secure Socket Layer (SSL) certificate from your Web hosting provider or other certificate reseller. While SSL encryption protocol doesn’t secure the site itself, since it encrypts traffic to and from the server it can prevent eavesdropping and protects sensitive data. Then it’s especially important to have SSL in your XenForo to secure confidential content, passwords and all that secure data. Proper use of SSL certificates will help you to gain your customers trust and sell more.

First of all, you need to change your board URL option in XenForo site. Go to Admin CP > Options > Basic Board Information and set Board URL & Home Page URL to https://yourdomain instead http://yourdomain.
This will force SSL for your entire website, both Admin CP and front end. If you don’t have SSL enabled for your domain name you will immediately get an error upon saving.

Please note: Above step allows you to configure SSL, but if a visitor enters a XenForo page through non-HTTPS (Our mean “old” URLs), this visitor is not automatically redirected.

Next, open .htaccess file on your forum root then add the following code to the bottom of the file to force HTTPS on all pages.

Code:

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301] 

If you want to force https on some pages, you can try

Code:

RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} (^register$|^login$)
RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301] 

If you want to add exceptions for force https on some pages, you can try

Code:

RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} !(^forums$|^threads$)
RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301] 

The finished, we will have .htaccess files as follow:

Code:

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default
<IfModule mod_rewrite.c>
    RewriteEngine On
    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo
    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301]
</IfModule>

We hope this has been helpful! If you have any questions or ran into problems, feel free to comment your mind as below.