If you want to force all of your site traffic to use HTTPS or a specific part of your website, here is how to do it:
Whole SIte :
RewriteEngine On # This will enable the Rewrite capabilities RewriteCond %{HTTPS} !=on # This checks to make sure the connection is not already HTTPS RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] # This rule will redirect users from their original location, to the same location but using HTTPS. # i.e. http://www.example.com/foo/ to https://www.example.com/foo/ # The leading slash is made optional so that this will work either in httpd.conf # or .htaccess context
Specific Directory
RewriteEngine On # This will enable the Rewrite capabilities RewriteCond %{HTTPS} !=on # This checks to make sure the connection is not already HTTPS RewriteRule ^/?secure/(.*) https://%{SERVER_NAME}/secure/$1 [R,L] # This rule will redirect all users who are using any part of /secure/ to the same location but using HTTPS. # i.e. http://www.example.com/secure/ to https://www.example.com/secure/ # This means if you dont want to force HTTPS for all directories you can force it for a specific sub-section of the site.