htaccess HTTPS only no redirect

Question

I want to block port 80 (HTTP) completely and only allow HTTPS requests. I have found many examples of how to redirect from HTTP to HTTPS but I would prefer to display an error instead. I cannot block port 80 in my config file as my hosting provider does not allow me to modify these files. If possible, how can I achieve the same results with htaccess.

The reason for me wanting this on my api.domain.com is for added security after reading this article .

Quote from article...

Aside from abandoning HTTP Basic altogether there is an easy fix. close port 80 on your API host. This stops a connection being made dead in its tracks, preventing any credentials being sent in the clear

Answer 1

Try:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !/error\.php
RewriteRule ^ http://%{HTTP_HOST}/error.php [L,R]

or

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ - [L,F]

Answer 2

Can you please try this:

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{REQUEST_URI} !/error\.php
RewriteRule .? https://%{HTTP_HOST}/error.php [L,R]

OR

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !/error\.php
RewriteRule ^ https://%{HTTP_HOST}/error.php [L,R]

This will check if server port is 80 It will redirect all requests to error.php

Answer 3

Apache httpd has a special directive for this, SSLRequireSSL , which gives a 403 error otherwise. (You could use ErrorDocument if you want a better error message and don't otherwise need 403.)