What's the best way to force HTTPS and WWW but allow localhost?

It is important to force HTTPS and WWW for several reasons: earn the trust of your visitors by showing the connection is secure, and, if you are using a subdomain such as www, keeping consistency with your visitors and your reporting, on your cheap web hosting for example.


HTACCESS force HTTPS and WWW but allow localhost

It is important to force HTTPS and WWW for several reasons: earn the trust of your visitors by showing the connection is secure, and, if you are using a subdomain such as www, keeping consistency with your visitors and your reporting, on your cheap web hosting for example.

It can easily become complicated in reporting engines like Google Search Console to have different views for the exact same site and pages. One with secure HTTPS connection, one without, and one of each with Web subdomain www and another one without, and even become a nightmare leading you to have to setup a  Google Analytics subdomain filter   to have consistent reporting.

There are actually some easy ways to ensure that all visitors will be redirected to the secure in  HTACCESS force HTTPS   version of the site and the Web subdomain, without impacting the visits, and itcan also be used to  redirect website to another website   with this simple and elegant method.

And, on top of that, and to make it complete, to make sure that the localhost subdomain can be accessed without the Web subdomain or the redirect to HTTPS, and that pages ending with slash will be redirected to normal page, in order to avoid double count of the same pages in reports.

Let's get rid of all these duplicate pages, which make it difficult at the end to properly agregate analytics:

  • http://mywebsite.com/page
  • http://mywebsite.com/page/
  • https://mywebsite.com/page
  • https://mywebsite.com/page/
  • http://www.mywebsite.com/page
  • http://www.mywebsite.com/page/
  • https://www.mywebsite.com/page
  • https://www.mywebsite.com/page/
  • All this will be done by updating the .htaccess file, which is a hidden file used on Apache servers, usually stored on website's root folder.

Redirect page ending with slash

To remove the ending slash from the URL ending with one of them, and to have the requests redirected to the standard page without the slash, simply match URLs starting and ending with a slash, make sure it is not a directory being requested, and redirect to the whole request URI without the ending slash.

Also, redirect the page to the secure Web URL that should be correct - this will solve directly all of your potential issues, including ending slash, non secure request, or non Web subdomain.

We need also then an additional piece of code to make sure that any request to a directory ends with a slash, as normal website directories URLs will end up with one of them.

HTACCESS force HTTPS and force WWW htaccess

Now that the ending slash issue is solved, let's focus on the missing HTTPS or missing Web subdomain that can happen, with an htaccess  redirect http to https   with force www.

The easiest and most stylish way to make it happen, is to have both of them identified in the exact same htaccess condition.

This is done easily by matching URLs not starting with Web subdomain, or any request not including the HTTPS, and redirecting the the correct URL of our website, which includes both the secure connection and the Web subdomain www.

Force HTTPS and WWW but allow localhost

Learn SEO Basics: Enroll Today!

Boost your website's visibility and traffic by mastering the fundamentals of SEO with our easy-to-follow Basics course.

Start Learning SEO

Boost your website's visibility and traffic by mastering the fundamentals of SEO with our easy-to-follow Basics course.

Now, this is all good, but what happens when we actually try to reach our Website in development mode on XAMPP local server, but all our requests to http://localhost now get redirected to https://www.mysite.com - our production version?

Well the solution is to reuse the previous piece of code that enforces HTTPS and WWW version of the URL request, but start it by excluding from the check requests that are either adressed to localhost or to our local IP address, which is 127.0.0.1.

And that's it, we now have a beautiful piece of code that will solve all our problems!

Redirect HTTP to HTTPS htaccess, force WWW and remove ending slash

The whole piece of code below can be used in the HTACCESS file to achieve all the following:

Redirect HTTP to HTTPS in htacces,

Force WWW in htaccess,

Remove ending slash in URL.

Of course, do not forget to change the website URL for the one applying to you.

It can even be used to  redirect website to another website   by simply changing the destination URLs to your other  best cheap web hosting   website:

Frequently Asked Questions

How can web developers configure their sites to automatically redirect to HTTPS and WWW versions for security and consistency while exempting localhost from these redirects for development purposes?
Implement conditional redirects in your site’s .htaccess file or server configuration. Use rewrite rules to check if the domain is not localhost and then apply HTTPS and WWW redirects. This ensures that production traffic is secure and properly formatted, while development traffic on localhost remains unaffected for testing.

Yoann Bierling
About the author - Yoann Bierling
Yoann Bierling is a Web Publishing & Digital Consulting professional, making a global impact through expertise and innovation in technologies. Passionate about empowering individuals and organizations to thrive in the digital age, he is driven to deliver exceptional results and drive growth through educational content creation.

Learn SEO Basics: Enroll Today!

Boost your website's visibility and traffic by mastering the fundamentals of SEO with our easy-to-follow Basics course.

Start Learning SEO

Boost your website's visibility and traffic by mastering the fundamentals of SEO with our easy-to-follow Basics course.



Comments (0)

Leave a comment