Forcing a TLS redirect

  Last updated 2020-11-20

If you want to only allow TLS on your site, we have you covered. We've built a setting into the request settings that will allow you to force unencrypted requests over to TLS. It works by returning a 301 Moved Permanently response to any unencrypted request, which redirects to the TLS equivalent. For instance, making a request for http://www.example.com would redirect to https://www.example.com.

NOTE

Because requests can still happen over HTTP first even if you force a TLS redirect using these instructions, we recommend enabling HSTS as well. Fastly provides a different setting that lets you easily force TLS and enable HSTS at the same time. Alternatively, you can follow these instructions to force a TLS redirect and manually enable HSTS later.

Prerequisites

These instructions assume that you've set up TLS service with Fastly.

Forcing a TLS redirect

To force a TLS redirect, follow these steps:

  1. Log in to the Fastly web interface.
  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
  3. Click Edit configuration and then select the option to clone the active version.
  4. Click Settings.

  5. Click Create request setting.

    the Create a request setting window

  6. Fill out the Create a request setting fields as follows:

    • In the Name field, enter a human-readable name for the request setting. This name is displayed in the Fastly web interface.
    • From the Force TLS menu, select Yes.

  7. Click Create to save your request setting changes.

  8. Click Activate to deploy your configuration changes.
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.