This article explains how to change your website from using HTTP to HTTPS protocol. Simply having an SSL certificate isn't always sufficient to secure your website because intruders can still access it through an unsecured HTTP connection by typing "http://" before your website's URL.
To prevent this, you can use the Kloudbean Platform to enforce HTTPS redirection. This means setting up a 301 permanent redirect that automatically sends users from the unsecured HTTP version of your website to the secured HTTPS version.
Important
If you are using a Web Application Firewall (WAF) service like Cloudflare or Sucuri, or if you have set up custom HTTPS redirection using an application plugin or by modifying the .htaccess file, you should avoid forcing HTTPS redirection from the Kloudbean Platform. This is because having multiple redirection mechanisms can cause errors or lead to your website being stuck in redirection loops due to too many redirects.
However, if you specifically want to enforce HTTPS redirection through the Kloudbean Platform, you'll need to disable any other redirection mechanisms that are currently active. Once disabled, you can then follow the steps outlined in this article for proper guidance on implementing HTTPS redirection through Kloudbean.
What is HTTP?
HTTP stands for Hypertext Transfer Protocol. It is a fundamental protocol used on the World Wide Web (www) to facilitate communication and exchange of information between web users and servers. HTTP allows users to access and interact with web content such as text, images, and videos.
When a website URL starts with "http://" (e.g., http://www.kloudbean.co.uk), it indicates that the browser should use the HTTP protocol to communicate with the website's server. Data transmitted over HTTP is not encrypted, making it susceptible to interception by third parties. Due to this lack of security, web browsers like Google Chrome display a "Not secure" warning when accessing websites over plain HTTP.
Why Migrate to HTTPS?
HTTPS is now widely recommended for websites due to several important reasons:
1. Improved Security: Websites running on HTTP are vulnerable to easy hacking, as demonstrated by the ease of installing a browser plugin to intercept data. If your site is compromised, hackers can steal login credentials and sensitive information, inject malicious code, or distribute harmful viruses like Trojan Horses. This compromises the user experience and damages trust in your business.
2. SSL Certificate: HTTPS uses encryption provided by SSL certificates, significantly enhancing security. For websites, especially eCommerce stores handling sensitive information like payment details, flaws in security can have disastrous consequences. Additionally, modern browsers display warnings for unsecured connections, further deterring users from trusting and engaging with your site.
3. SEO Benefits: Google prioritizes secure websites running on HTTPS over those on HTTP, potentially boosting your site's search engine rankings. This can translate to increased visibility and traffic, benefiting your business.
4. Accurate Analytics: When your website moves from HTTP to HTTPS, referral statistics in analytics services like Google Analytics become more accurate. Traffic from HTTPS websites to HTTPS websites is correctly categorized as referral traffic, while traffic from HTTP to HTTPS sites may incorrectly appear as "Direct Traffic." This ensures you have reliable data to track and analyze user behavior and sources of traffic accurately.
Migrating to HTTPS not only enhances security and user trust but can also positively impact your website's performance, visibility, and analytics accuracy, contributing to a better overall online presence and user experience.
How to Redirect HTTP to HTTPS
Here are a few steps that can help your website to redirect to HTTPS.
Step# 1
Before setting up an HTTP to HTTPS redirect, it's important to ensure that your website has an SSL certificate deployed. The Kloudbean Platform supports various types of SSL certificates that can be installed for this purpose.
Tip
If you would like to learn about what an SSL certificate is and understand the differences between Single, Multiple, and Wildcard SSL certificates, please click here.
Step# 2
Log in to the Kloudbean Platform, click on the Servers tab from the top menu bar and choose your target server on which your desired application is deployed.
Next, click on the www icon located on the right-hand side of the server tab.
In the Application Administration section, navigate to the Settings option in the left navigation bar. Look for the Advanced tab, where you will find the HTTPS Redirection option. By default, this option will be disabled if you haven't previously enabled it from this section.
Now, toggle on to enable HTTPS redirection.
A dialog box will appear asking for confirmation so after reading the disclaimer, click Yes to proceed with implementing the redirection.
Post-redirection Steps
There are a few steps you need to make sure you execute after forcing the HTTPS redirection for the successful implementation of all the changes.
Step# 1
Clear your browser’s cache and cookies, purge the Varnish cache and restart the Apache web server via Kloudbean Platform.
Step# 2
Now it's time to verify if all the changes have been successfully implemented. You can use a third-party tool such as WhyNoPadlock to check whether your website is correctly enforcing HTTPS redirection.
You can also verify the redirect setup by using a third-party tool like serpworx. This tool will show you the HTTP status code 301 redirect, indicating the redirection from HTTP to HTTPS. The HTTP status code 301 ("Moved Permanently") confirms the permanent redirection.
After setting up HTTPS redirection and installing an SSL certificate, it's recommended by Kloudbean to take additional security measures.