Forcing SSL browsing in Apache

The Apache vhost configuration snippet below will force any non-SSL requests for a website to be rewritten to an HTTPS site instead. This is useful to ensure that clients cannot accidentally browse an insecure site, but they don’t have to remember or bookmark a particular URL. I use it for lionserver.co.uk, click the link to see it in action. ServerName secure.example.co.uk ServerAlias www.example.co.uk ServerAlias example.co.uk RewriteEngine On RewriteCond %{HTTPS} !on RewriteRule ^/(.