I'm having some nasty problems with my domain.

I have Cloudflare flexible SSL on my site and it makes an https call IF I type it myself> <When I try to get https to be used on my site through a .htaccess file, I get a firewall error.

I want all visitors to my site to always be redirected to https://www.example.com , even if they type example.com or example.com/index.php , etc. + using https throughout the site.

I just can't find a solution to this, so I'm trying to execute a stack.

My DNS settings in Cloudflare is an A record that points domain.com to an IP address and a CNAME record that says www.domain.com is an alias for domain.com

I do not have page rules added to Cloudflare atm.

  <IfModule mod_setenvif.c> <IfModule mod_headers.c> <FilesMatch "\.(cur|gif|ico|jpe?g|png|svgz?|webp)$"> SetEnvIf Origin ":" IS_CORS Header set Access-Control-Allow-Origin "*" env=IS_CORS </FilesMatch> </IfModule> </IfModule> <IfModule mod_headers.c> <FilesMatch "\.(eot|otf|tt[cf]|woff)$"> Header set Access-Control-Allow-Origin "*" </FilesMatch> </IfModule> Options -MultiViews <IfModule mod_headers.c> Header set X-UA-Compatible "IE=edge" # `mod_headers` cannot match based on the content-type, however, this # header should be send only for HTML pages and not for the other resources <FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$"> Header unset X-UA-Compatible </FilesMatch> </IfModule> <IfModule mod_mime.c> # Audio AddType audio/mp4 m4a f4a f4b AddType audio/ogg oga ogg opus # Data interchange AddType application/json json map AddType application/ld+json jsonld AddType application/javascript js # Video AddType video/mp4 f4v f4p m4v mp4 AddType video/ogg ogv AddType video/webm webm AddType video/x-flv flv # Web fonts AddType application/font-woff woff AddType application/vnd.ms-fontobject eot AddType application/x-font-ttf ttc ttf AddType font/opentype otf AddType image/svg+xml svgz AddEncoding gzip svgz # Other AddType application/octet-stream safariextz AddType application/x-chrome-extension crx AddType application/x-opera-extension oex AddType application/x-web-app-manifest+json webapp AddType application/x-xpinstall xpi AddType application/xml atom rdf rss xml AddType image/webp webp AddType image/x-icon cur AddType text/cache-manifest appcache manifest AddType text/vtt vtt AddType text/x-component htc AddType text/x-vcard vcf </IfModule> AddDefaultCharset utf-8 <IfModule mod_mime.c> AddCharset utf-8 .atom .css .js .json .jsonld .rss .vtt .webapp .xml </IfModule> #<IfModule mod_rewrite.c> # Options +FollowSymlinks # Options +SymLinksIfOwnerMatch # RewriteEngine On # REDIRECT /folder/index.php to /folder/ # RewriteCond %{THE_REQUEST} ^[AZ]{3,9}\ /([^/]+/)*index\.php\ HTTP/ # RewriteRule ^(([^/]+/)*)index\.php$ http://www.domain.dk/$1 [R=301,L] #</IfModule> #<IfModule mod_rewrite.c> # RewriteCond %{HTTPS} !=on # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] # RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L] #</IfModule> #<IfModule mod_rewrite.c> # RewriteCond %{HTTPS} !=on # RewriteCond %{HTTP_HOST} !^www\. [NC] # RewriteCond %{SERVER_ADDR} !=127.0.0.1 # RewriteCond %{SERVER_ADDR} !=::1 # RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] #</IfModule> <IfModule mod_autoindex.c> Options -Indexes </IfModule> <IfModule mod_rewrite.c> RewriteCond %{SCRIPT_FILENAME} -d [OR] RewriteCond %{SCRIPT_FILENAME} -f RewriteRule "(^|/)\." - [F] </IfModule> <FilesMatch "(^#.*#|\.(bak|config|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$"> # Apache < 2.3 <IfModule !mod_authz_core.c> Order allow,deny Deny from all Satisfy All </IfModule> # Apache ≥ 2.3 <IfModule mod_authz_core.c> Require all denied </IfModule> </FilesMatch> <IfModule mod_headers.c> Header set X-Content-Type-Options "nosniff" </IfModule> #<IfModule mod_rewrite.c> # RewriteCond %{SERVER_PORT} !^443 # RewriteRule ^ https://www.domain.dk%{REQUEST_URI} [R=301,L] #</IfModule> <IfModule mod_deflate.c> # Force compression for mangled headers. <IfModule mod_setenvif.c> <IfModule mod_headers.c> SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding </IfModule> </IfModule> # Compress all output labeled with one of the following MIME-types # (for Apache versions below 2.3.7, you don't need to enable `mod_filter` # and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines # as `AddOutputFilterByType` is still in the core directives). <IfModule mod_filter.c> AddOutputFilterByType DEFLATE application/atom+xml \ application/javascript \ application/json \ application/ld+json \ application/rss+xml \ application/vnd.ms-fontobject \ application/x-font-ttf \ application/x-web-app-manifest+json \ application/xhtml+xml \ application/xml \ font/opentype \ image/svg+xml \ image/x-icon \ text/css \ text/html \ text/plain \ text/x-component \ text/xml </IfModule> </IfModule> <IfModule mod_headers.c> Header set Cache-Control "no-transform" </IfModule> <IfModule mod_headers.c> Header unset ETag </IfModule> FileETag None #<IfModule mod_expires.c> #ExpiresActive On #ExpiresByType image/jpg "access 1 year" #ExpiresByType image/jpeg "access 1 year" #ExpiresByType image/gif "access 1 year" #ExpiresByType image/png "access 1 year" #ExpiresByType text/css "access 1 month" #ExpiresByType text/html "access 1 month" #ExpiresByType application/pdf "access 1 month" #ExpiresByType text/x-javascript "access 1 month" #ExpiresByType application/x-shockwave-flash "access 1 month" #ExpiresByType image/x-icon "access 1 year" #ExpiresDefault "access 1 month" #</IfModule>