How To Protect Api Key In Angualr App

Title image Force HTTPS with the .htaccess File

Force HTTPS connections with the .htaccess to make sure every connection is a secure one. Your website's visitors should be accessing your site using an SSL-encrypted connection for added security, accessibility, or PCI compliance. If you're unfamiliar with SSL, our article, "What is SSL and why is it important?" will get you up to speed. Just having an SSL is not enough if someone can accidentally reach your site with an unsecured connection. Read below to see how to force HTTPS connections on your site.

Why Force HTTPS for a Secure Connection?
Forcing HTTPS with .htaccess
- Redirect All Web Traffic
- Redirect Only One Specified Domain
- Redirect Specified Folder

Why Force HTTPS for a Secure Connection?

InMotion Hosting includes a free SSL Certificate for all Business Class Hosting Plans. It's easy to activate this SSL in your Account Management Panel (AMP) under My Account > Manage Free SSL.

We highly recommend that you require all visitors to your site to access it through a secure connection. At this point, a large majority of sites are running through SSL, and search engines may penalize you if you are not on SSL. More importantly, Google now seems to prioritize search results with secure connections over those without.

Forcing visitors to use SSL can be accomplished through a variety of plugins, or by manually editing your .htaccess file using mod_rewrite.

Forcing HTTPS with .htaccess

The .htaccess file is a configuration file used on Apache servers. It is a 'dot file,' as the period at the beginning of the file name means that it is hidden from view by default. If you cannot see it, be sure that you can view hidden files in cPanel's file manager.

NOTE: For WordPress sites, consider an SSL plugin such as Really Simple SSL instead.

Redirect All Web Traffic

To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website's root folder.

WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.

RewriteEngine On  RewriteCond %{HTTPS} !on  RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$  RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

NOTE: Be sure to replace www.example.com with your actual domain name.

Redirect Only One Specified Domain

To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:

WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On  RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80  RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

If this doesn't work, try removing the first two lines.

RewriteEngine On  RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80  RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

NOTE: Make sure to replace example.com with the domain name you're trying to force to https. Additionally, you need to replace www.example.com with your actual domain name.

Redirect Specified Folder

If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder:

WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On  RewriteCond %{SERVER_PORT} 80  RewriteCond %{REQUEST_URI} folder RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R=301,L]

NOTE: Make sure you change the folder reference to the actual folder name. Then, be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.

If you're setting up an SSL for a WordPress site, be sure to check out our guide to setting your SSL up on a WordPress site. If you want advanced information on the .htaccess file, take a look at the official Apache .htaccess documentation. If your browser does not seem to indicate that you have an SSL even after you set this up, be sure to check our SSL 'lock' troubleshooting guide.