Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Force SSL for all websites

Discussion in 'Security' started by Jeroen Maas, Jun 20, 2017.

  1. Jeroen Maas

    Jeroen Maas Registered

    Joined:
    May 28, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Is it possible to force all cpanel hosted websites to run on HTTPS only? I know i can do it on a website basis using custom .htaccess. But is there a "global" way using WHM?

    Regards,

    Jeroen Maas
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,378
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Jeroen Maas likes this.
  3. Jeroen Maas

    Jeroen Maas Registered

    Joined:
    May 28, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Just tried it out. That works really well! Thank you
     
    cPanelMichael likes this.
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,378
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    I'm happy to see it works as intended. Thank you for updating us with the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. delia

    delia Member

    Joined:
    Feb 11, 2008
    Messages:
    21
    Likes Received:
    1
    Trophy Points:
    53
    Okay, so that is a wow! Please confirm that if you want all sites to use SSL that you choose the without SSL. That is counter intuitive to me! Are there any gotchas in this? There are sites already doing a forced redirect with the addition of force non to www. I'm having so much trouble getting these to work using cPanel redirects that I'm a bit hesitant to play with it server wide but this could be a major solution for me as long as I don't have sites going down all over the place.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,378
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Right, you'd use the "Without SSL" instructions to apply the rules in your custom include file to access attempts made using "http" and not "https". There's always a potential for custom Mod_Rewrite rules to conflict with the website's script. You may want to test the rules on individual virtual hosts first to make sure they don't lead to any issues accessing the websites.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice