How to redirect all traffic to HTTPS on your Drupal site

Drupal Version
7

Since Google announced that it gives an additional SEO boost for sites that are fully encrypted with HTTPS it is now advisable to encrypt your entire site and not just pages with sensitive information such as user login and checkout pages.

There are multiple method to achieve this. We like using the below modification to .HTACCESS file.

In the .HTACCESS file that is located in the Drupal root directory after the line:

<IfModule mod_rewrite.c>
  RewriteEngine on

Simply add this code to the:

    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Your Drupal .HTACCESS file should now have a section that looks similar to this:

# Various rewrite rules.
<IfModule mod_rewrite.c>
  RewriteEngine on

   RewriteCond %{HTTPS} off
   RewriteCond %{HTTP:X-Forwarded-Proto} !https
   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  # Set "protossl" to "s" if we were accessed via https://.  This is used later
  # if you enable "www." stripping or enforcement, in order to ensure that
  # you don't bounce between http and https.
  RewriteRule ^ - [E=protossl]
  RewriteCond %{HTTPS} on
  RewriteRule ^ - [E=protossl:s]

NOTE: This, of course, assumes that you've procured a valid SSL certificate for your site/domain and have it installed correctly.

Author Information

Written by: Shawn Ostermann

Shawn is a Drupal Specialists with over 12 years of experiencing building and developing Drupal websites including custom module development and e-commerce websites.