Redirects HTTP to HTTPS but localhost

In the long journey of security, moving from HTTP to HTTPS is one of the many steps you will need to do. So, the first question is: why you just don't close port 80/tcp? The answer is more an SEO matter than a security one; if you close the port 80/tcp when Google and any other indexing engine will try to contact you, it will time-out. This, at Google's eyes, means an off-line server; an off-line server is a candidate to be taken out of the indexing.

Doing a proper redirection, for example from http://inside-out.xyz/path/script.php?parameters to https://inside-out.xyz/path/script.php?parameters is the correct way. Google will understand the HTTP error code 301 and it will reindex you with the correct URL.

Here it is my .htaccess file I use:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^127.0.0
RewriteCond %{REMOTE_HOST} !^127.0.0
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This will allow HTTP redirection for all queries but those who come to IP 127.0.0.x. You can play with the regular expression to do exceptions.

Remember to modify Apache's configuration in the <Directory> tag to allow all to be overwritten.

Enjoy!