Forcing a TLS redirect
Last updated 2020-11-20
If you want to only allow TLS on your site, we have you covered. We've built a switch into the request settings that will allow you to force unencrypted requests over to TLS. It works by returning a 301 Moved Permanently response to any unencrypted request, which redirects to the TLS equivalent. For instance, making a request for http
://www.example.com
would redirect to https
://www.example.com
.
NOTE
Because requests can still happen over HTTP first even if you force a TLS redirect using these instructions, we recommend enabling HSTS as well. Fastly provides a different switch that lets you easily force TLS and enable HSTS at the same time. Alternatively, you can follow these instructions to force a TLS redirect and manually enable HSTS later.
Prerequisites
These instructions assume that you've set up TLS service with Fastly.
Forcing a TLS redirect
To force a TLS redirect, follow these steps:
- Log in to the Fastly web interface.
- From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
- Click the Edit configuration button and then select the option to clone the active version. The Domains page appears.
- Click the Settings link. The Settings page appears.
Click the Create request setting button. The Create a request setting page appears.
Fill out the Create a request setting fields as follows:
- In the Name field, enter a human-readable name for the request setting. This name is displayed in the Fastly web interface.
- From the Force TLS menu, select Yes.
Click the Create button to save your request setting changes.
- Click the Activate button to deploy your configuration changes.
Do not use this form to send sensitive information. If you need assistance, contact support.