You'll need to use a RewriteRule with two RewriteConds: one looking at %{HTTP_HOST} --to establish that it's the specified domain name-- and a second looking at either protocol or %{HTTPS} --to establish that it isn't already https.

The order of the two conditions has no effect on the workings of the rule, so start with the one that is most likely to fail. (It's your server and your sites, so you will know better than anyone else.)

If you're just setting up this site, take a moment to work out whether you need everything to be https, or only pages. If non-page content doesn't matter, write the rule so it only applies to page requests. Otherwise you're looking at a global

RewriteRule (.*) et cetera

which is around #2 in the list of Things You Want To Avoid.

thanx, would an example be asking too much?
(i just need the page requests redirected, not all content)

You're supposed to provide the example and someone can hopefully help you get things to work right. Check the forum charter: [webmasterworld.com...] to see how this works.

You realize that if the page request is https and the background image (for example) or logo is in a non-https folder and requested via a css file in a non-https folder, you will have browser security warning pop-ups scaring visitors. When an URL is https: for a page, the content needs to also be https.

the https version of my site works fine, i just want the redirect to avoid visitors (and googlebot) using the http version

here's what i gathered so far for the https rewrite:


RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)
RewriteRule ^.*$ [%1...] [R=301,L]

OR

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ [%{HTTP_HOST}%{REQUEST_URI}...] [L,R=301]


still trying to find the best way to single out a domain

You need both conditions in the same rule. If the rule is meant for just one domain, then say

RewriteCond %{HTTP_HOST} example\.com

without anchors. If users request the wrong form of the domain name (with/without www or-- far less common-- appended port number) then those requests will get redirected at the same time.

If you have rules that redirect specific pages on the same site, the https rule goes after those. Specific before general. And, of course, if you've got any access-control RewriteRules ([F] flag) then all redirects come after.

To stress what not2easy said:

if the page request is https and the background image (for example) or logo is in a non-https folder and requested via a css file in a non-https folder, you will have browser security warning pop-ups scaring visitors. When an URL is https: for a page, the non-page content needs to also be https.

I kinda suspect the security warnings are browser-specific. Possibly a preference setting? I know Camino always kicks up a fuss when there's a mixture of secure and non-secure content, while Safari doesn't seem to care.