---
title: "Redirect from http to https implemented in .htaccess does not work"
date: "2025-02-05T22:41:12+00:00"
summary:
image:
type: "article"
url: "/acquia-cloud-platform/help/93726-redirect-http-https-implemented-htaccess-does-not-work"
id: "4ebcbe40-23c6-4f2a-af53-094415d993ad"
---

**Issue**
---------

As per instructions detailed in the document [Redirecting all HTTP traffic to HTTPS](/node/56302), you have implemented the snippet:

    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

But the redirect is not occurring at all.

**Resolution**
--------------

### **Right place to add snippet**

The `.htaccess` file in use is the one that ships as standard with the Drupal 8/9 installation.

Ensure that the snippet is placed under the section that determines if the Apache mod_rewrite module is enabled. The section starts with `<IfModule mod_rewrite.c>`.

Ensure that you don't put the snippet too far down in the section; otherwise, other `.htaccess` rules will take precedence over it and the redirect will not occur.

Looking at the standard Drupal 8/9 version of `.htaccess`, the rewrite rule can be placed after the following snippet:

    # Various rewrite rules.
    <IfModule mod_rewrite.c>
      RewriteEngine on
    
      # Set "protossl" to "s" if we were accessed via https://.  This is used later
      # if you enable "www." stripping or enforcement, in order to ensure that
      # you don't bounce between http and https.
      RewriteRule ^ - [E=protossl]
      RewriteCond %{HTTPS} on
      RewriteRule ^ - [E=protossl:s]
    
      # Make sure Authorization HTTP header is available to PHP
      # even when running as CGI or FastCGI.
      RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
    ...... [snip] ......
    
      # If you do not have mod_rewrite installed, you should remove these
      # directories from your webroot or otherwise protect them from being
      # downloaded.
      RewriteRule "/\.|^\.(?!well-known/)" - [F]
    
    ...... [snip] ......
      #
      # To redirect all users to access the site WITHOUT the 'www.' prefix,
      # (http://www.example.com/foo will be redirected to http://example.com/foo)
      # uncomment the following:
      # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
      # RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
    
    <INSERT REDIRECT RULES HERE>
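
The placement rules above can be checked mechanically. This added example is not part of the original article or any Acquia tooling: it lints an `.htaccess` for the redirect being inside `<IfModule mod_rewrite.c>`, after `RewriteEngine on`, and carrying both conditions. Treating "too far down" as "after an internal `[L]` rewrite" is an assumption, as are the function name `check_https_redirect` and the constructed samples (the `index.php` rule is taken from stock Drupal, not from this page).

```python
import re

# RewriteRule <pattern> <substitution> [flags]
RULE = re.compile(r"RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$", re.I)

def check_https_redirect(htaccess):
    """Return placement problems for the HTTPS redirect; [] means none found."""
    problems, conds, stack = [], [], []
    engine_on = found = False
    for n, raw in enumerate(htaccess.splitlines(), 1):
        line = " ".join(raw.split())              # trim and collapse whitespace
        low = line.lower()
        if not line or line.startswith("#"):
            continue                              # comments never execute
        if low.startswith("<ifmodule"):
            stack.append(low)
        elif low.startswith("</ifmodule") and stack:
            stack.pop()
        elif low.startswith("rewriteengine"):
            engine_on = low.endswith(" on")
        elif low.startswith("rewritecond"):
            conds.append(low)
        elif m := RULE.match(line):
            target = m.group(2).lower()
            flags = {f.strip().upper() for f in (m.group(3) or "").split(",")}
            external = any(f == "R" or f.startswith("R=") for f in flags)
            if external and target.startswith("https://"):
                found = True
                if not any("mod_rewrite.c" in s for s in stack):
                    problems.append(f"line {n}: outside <IfModule mod_rewrite.c>")
                if not engine_on:
                    problems.append(f"line {n}: no 'RewriteEngine on' before it")
                for need in ("%{https} off", "%{http:x-forwarded-proto} !https"):
                    if not any(need in c for c in conds):
                        problems.append(f"line {n}: missing RewriteCond {need}")
            elif "L" in flags and not external and target != "-" and not found:
                problems.append(f"line {n}: [L] rewrite runs before the redirect")
            conds = []                            # conditions bind to one rule only
    return problems if found else problems + ["no active HTTPS redirect rule found"]

# Constructed, abridged samples; the index.php rule is assumed from stock Drupal.
HEAD = "<IfModule mod_rewrite.c>\n  RewriteEngine on\n  RewriteRule ^ - [E=protossl]\n"
SNIPPET = ("  RewriteCond %{HTTPS} off\n  RewriteCond %{HTTP:X-Forwarded-Proto} !https\n"
           "  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]\n")
FRONT = "  RewriteCond %{REQUEST_FILENAME} !-f\n  RewriteRule ^ index.php [L]\n"
GOOD = HEAD + SNIPPET + FRONT + "</IfModule>\n"
BAD = HEAD + FRONT + SNIPPET + "</IfModule>\n"
if __name__ == "__main__":
    print({"GOOD": check_https_redirect(GOOD), "BAD": check_https_redirect(BAD)})
```

Commented-out rules are ignored, so a redirect that is present but disabled is reported as missing.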

### **Prevent your .htaccess from being overwritten**

Your `.htaccess` might be overwritten during Drupal core updates. To prevent this, add an exception in your `composer.json`.

*    If you are using _drupal/core-composer-scaffold_ add the following:

    "extra": {
      "drupal-scaffold": {
        "file-mapping": {
          "docroot/.htaccess": false
        }
      }
    }

*    If you are using _drupal-composer/drupal-scaffold_ add the following:

    "extra": {
      "drupal-scaffold": {
        "excludes": [
          ".htaccess",
          "robots.txt"
        ]
      }
    }

For more information, visit [Prevent your .htaccess from being overwritten during Drupal core updates](/acquia-cloud-platform/help/94446-prevent-your-htaccess-being-overwritten-during-drupal-core-updates "Prevent your .htaccess from being overwritten during Drupal core updates.").