Forcing a TLS redirect
Last updated 2020-11-20
If you want to only allow TLS on your site, we have you covered. We've built a setting into the request settings that will allow you to force unencrypted requests over to TLS. It works by returning a 301 Moved Permanently response to any unencrypted request, which redirects to the TLS equivalent. For instance, making a request for
://www.example.com would redirect to
Because requests can still happen over HTTP first even if you force a TLS redirect using these instructions, we recommend enabling HSTS as well. Fastly provides a different setting that lets you easily force TLS and enable HSTS at the same time. Alternatively, you can follow these instructions to force a TLS redirect and manually enable HSTS later.
These instructions assume that you've set up TLS service with Fastly.
To force a TLS redirect, follow these steps:
- Log in to the Fastly web interface.
- From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
- Click Edit configuration and then select the option to clone the active version.
- Click Settings.
Click Create request setting.
Fill out the Create a request setting fields as follows:
- In the Name field, enter a human-readable name for the request setting. This name is displayed in the Fastly web interface.
- From the Force TLS menu, select Yes.
Click Create to save your request setting changes.
- Click Activate to deploy your configuration changes.