Force https (SSL) using .htaccess and mod_rewrite for XenForo

  1. Brivium

    Brivium - Aug 29, 2014 XenForo Services Staff Member

    Credit
    Point
    ssl_xenforo

    As we known, Google has announced that going HTTPS — adding a SSL 2048-bit key certificate on your site — will give you a minor ranking boost. And now, Brivium will tell you how to force https using .htaccess and mod_rewrite for XenForo that we installed on our official website. Force https and enabling it on your XenForo site will allow to log in with the secure “https” protocol instead of the standard “http” prefix.

    This tip assumes that you have already installed SSL on your hosting server. If not, first you have to purchase a Secure Socket Layer (SSL) certificate from your Web hosting provider or other certificate reseller. While SSL encryption protocol doesn’t secure the site itself, since it encrypts traffic to and from the server it can prevent eavesdropping and protects sensitive data. Then it’s especially important to have SSL in your XenForo to secure confidential content, passwords and all that secure data. Proper use of SSL certificates will help you to gain your customers trust and sell more.

    First of all, you need to change your board URL option in XenForo site. Go to Admin CP > Options > Basic Board Information and set Board URL & Home Page URL to https://yourdomain instead http://yourdomain.
    This will force SSL for your entire website, both Admin CP and front end. If you don’t have SSL enabled for your domain name you will immediately get an error upon saving.

    Please note: Above step allows you to configure SSL, but if a visitor enters a XenForo page through non-HTTPS (Our mean “old” URLs), this visitor is not automatically redirected.

    Next, open .htaccess file on your forum root then add the following code to the bottom of the file to force HTTPS on all pages.
    Code:
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301] 
    If you want to force https on some pages, you can try
    Code:
    RewriteCond %{HTTPS} off
    RewriteCond %{QUERY_STRING} (^register$|^login$)
    RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301] 
    If you want to add exceptions for force https on some pages, you can try
    Code:
    RewriteCond %{HTTPS} off
    RewriteCond %{QUERY_STRING} !(^forums$|^threads$)
    RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301] 
    The finished, we will have .htaccess files as follow:
    Code:
    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
    ErrorDocument 500 default
    <IfModule mod_rewrite.c>
        RewriteEngine On
        #    If you are having problems with the rewrite rules, remove the "#" from the
        #    line that begins "RewriteBase" below. You will also have to change the path
        #    of the rewrite to reflect the path to your XenForo installation.
        #RewriteBase /xenforo
        #    This line may be needed to enable WebDAV editing with PHP as a CGI.
        #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
        RewriteCond %{REQUEST_FILENAME} -f [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^.*$ - [NC,L]
        RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
        RewriteRule ^.*$ index.php [NC,L]
        RewriteCond %{HTTPS} off
        RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301]
    </IfModule>
    We hope this has been helpful! If you have any questions or ran into problems, feel free to comment your mind as below.
     
    Last edited: Aug 29, 2014
    Loading...
  2. Tealk

    Tealk - Sep 9, 2015 New Member VIP Member

    Credit
    Point
    Hi,
    i follow your tutorial but it does not run for me :(
     
    #2
  3. Brivium

    Brivium - Sep 9, 2015 XenForo Services Staff Member

    Credit
    Point
    So what happened ?
     
    #3
  4. Tealk

    Tealk - Sep 9, 2015 New Member VIP Member

    Credit
    Point
    I'm not redirected to https
     
    #4
  5. Brivium

    Brivium - Sep 10, 2015 XenForo Services Staff Member

    Credit
    Point
    Please ask your Hosting Provider for adding this line on apache conf.

    Regards,
     
    #5
  6. Tealk

    Tealk - Sep 12, 2015 New Member VIP Member

    Credit
    Point
    This line? Which one?
     
    #6
  7. xSAMeTHD_

    xSAMeTHD_ - Sep 25, 2015 New Member

    Credit
    Point
    you aren't help..
     
    #7
  8. h4ck3d

    h4ck3d - Dec 15, 2015 New Member

    Credit
    Point
    First at all are u using Cpanel or Plesk.
    Second are u using CloudFlare ?
    Because all this can be factor to make it work or not.. And Google has enough info. to get this fixed :)

    Brivium Nice Tut Btw
     
    #8
  9. joey_tbf

    joey_tbf - Sep 25, 2016 Active Member VIP Member

    Credit
    Point
    Here is a good video if people are using cloudflare, it's in russian but just mute the video.





    works fine along with brivium's tutorial


    tanks sir!
     
    #9