Application Launcher

Date Published: February 5, 2025

Issue

As per instructions detailed in the document Redirecting all HTTP traffic to HTTPS, you have implemented the snippet:

RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

But the redirect is not occurring at all.

Resolution

Right place to add snippet

The .htaccess file that is used is the one that comes standard as part of the Drupal 8/9 installation.

Ensure that the snippet is placed under the section that determines if the Apache mod_rewrite module is enabled. The section starts with <IfModule mod_rewrite.c>.

Ensure that you don't put the snippet too far down in the section otherwise it will be overlooked by other .htaccess rules and the redirect will not occur.

Looking at the standard Drupal 8/9 version of .htaccess, the rewrite rule can be placed after the following snippet:

# Various rewrite rules.
<IfModule mod_rewrite.c>
  RewriteEngine on

  # Set "protossl" to "s" if we were accessed via https://.  This is used later
  # if you enable "www." stripping or enforcement, in order to ensure that
  # you don't bounce between http and https.
  RewriteRule ^ - [E=protossl]
  RewriteCond %{HTTPS} on
  RewriteRule ^ - [E=protossl:s]

  # Make sure Authorization HTTP header is available to PHP
  # even when running as CGI or FastCGI.
  RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

...... [snip] ......

  # If you do not have mod_rewrite installed, you should remove these
  # directories from your webroot or otherwise protect them from being
  # downloaded.
  RewriteRule "/\.|^\.(?!well-known/)" - [F]

...... [snip] ......
  #
  # To redirect all users to access the site WITHOUT the 'www.' prefix,
  # (http://www.example.com/foo will be redirected to http://example.com/foo)
  # uncomment the following:
  # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  # RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]

<INSERT REDIRECT RULES HERE>

Prevent your .htaccess from being overwritten

Your .htaccess might be overwritten during Drupal core updates to prevent it you need to add an exception in your composer.json.

If you are using drupal/core-composer-scaffold add the following:

"extra": {
    "drupal-scaffold": {
      "file-mapping": {
        "docroot/.htaccess": false
      }
    }
  }

If you are using drupal-composer/drupal-scaffold add the following:

"extra": {
    "drupal-scaffold": {
      "excludes": [
        ".htaccess",
        "robots.txt"
      ]
    }
  }

https://support-acquia.force.com/s/article/360050205554-Prevent-your-htaccess-from-being-overwritten-during-Drupal-core-updates

Redirect from http to https implemented in .htaccess does not work

Issue

Resolution

Right place to add snippet

Prevent your .htaccess from being overwritten