How to force HTTPS (SSL) using .htaccess and mod_rewrite

As of 2014, Google Panda algorithm started giving ranking signal based on HTTPS encryption by default. This means sites that have SSL/HTTPS by default will get higher rank. To force HTTPS by default, you will need the mod_rewrite module installed already (which is already a basic requirement of SCHLIX CMS).

If you want to forward all traffic to SSL (assuming this is the only site, edit the .htaccess file in the root of your SCHLIX CMS folder, find the following lines

RewriteCond %{REQUEST_URI} (/|\.htm|\.xhtml|\.html|\.*|/[^.]*)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule (.*) index.php

Then you can insert the following line:

RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^(.*)$ https://www.yourwebsite.com%{REQUEST_URI} [L,R] # replace www.yourwebsite.com with the domain of your website

If you use Let's Encrypt, it is important that you keep the line that contains .well-kown/acme-challenge because of the way it tries to verify the website ownership.

Note:

  • There is no / (slash) between the domain name www.yourwebsite.com and %{REQUEST_URI}, it's not a a typo.
  • It is okay to make a modification to the .htaccess file because it will not be overwritten by the SCHLIX CMS automatic update.