HTTPS redirections

There's a few ways developers can implement redirections on stacks:

  • In the .htaccess file
  • Within the site's _config.php
  • With a module


Implementing in .htaccess is more performant than using PHP to redirect and allows more control than your standard Director redirection. If you are running your site with a public/ webroot folder, ensure that any rules are placed in public/.htaccess.

The below example redirects to

RewriteCond %{HTTP_HOST} ^redirection\.com(.*)$ [NC]
RewriteRule ^(.*)$ http://www\.redirection\.com/$1 [R=301,L]

You may also want to enforce a global redirection to HTTPS in the .htaccess file in which case there are some things to consider due to requests coming through Silverstripe Cloud's cache server which runs Varnish. You will need the following in your htaccess above your <IfModule mod_rewrite.c>section:

<IfModule mod_headers.c>    
Header always append Vary "X-Forwarded-Proto" "expr=%{REQUEST_STATUS} == 301"    
Header always append Vary "X-Forwarded-Proto" "expr=%{REQUEST_STATUS} == 302"

If we don't vary on X-Fowarded-Proto, Varnish will cache the 301 HTTPS redirects. This will send users who request uncached HTTP pages into infinite redirect loops until the cache times out (redirects sends the user into the same URI, just with a different X-Fowarded-Proto).

Once you have that then the redirection should be as follows:

RewriteCond %{HTTP_HOST} ^my\.domain\.govt\.nz$
RewriteCond %{HTTPS} !=on
Rewritecond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteCond %{REQUEST_URI} ^/(?:public/)?(.*)$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/%1 [L,R=301]

This will then force all traffic to redirect to HTTPS on

To support both Silverstripe CMS 3.x and Silverstripe CMS 4.x versions (with and without the /public folder), DocumentRoot for Silverstripe Cloud instance's virtual host points to the root folder (the code repository), regardless of the presence of the /public folder.

Root level .htaccess is used to redirect all content to the /public folder when it's present for Silverstripe CMS 4.x sites.

This needs to be taken into account when using %{REQUEST_URI} in your rewrite rules, or using RewriteMatch directive — both variables are DocumentRoot based.


Redirection to https or www can also be enabled using the Director class in your _config.php file, however using the .htaccess method is often more predictable. The following redirects all web traffic to https and www on a live site.

if(Director::isLive() && !Director::is_cli()) {

In this example Director::isLive() is used to only redirect on the Silverstripe Cloud production environment. !Director::is_cli() ensures that this redirection does not impact command-line actions such as the dev/build that occurs during deployment.

Note that this applies to all domains in your environment so be sure to check that they support HTTPS.


There's a number of modules that implement redirections in different ways, try searching the add-ons site for one that suits your needs. One popular example is redirectedurls .

Was this answer helpful? Yes No

Sorry we couldn't be helpful. Help us improve this article with your feedback.