How do I make sure that all connections to my Web site use SSL?

This page is showing a generic answer.
To see a more detailed answer customized for you, type your domain name here:

If you've purchased an SSL certificate for www.example.com, and you have a Web site that requires a username and password to access any pages on the site, you may wish to make sure that all connections to your site always use SSL.

You can do that by adding a .htaccess file to the top level of your Web site containing these three lines:

This is a generic example. Enter your domain name at the top of the page to see the exact lines to use for your Tiger Technologies Web site. 
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://www.example.com%{REQUEST_URI} [last]

With those lines in a .htaccess file, any requests starting with "http://" will be redirected to secure requests starting with "https://".

If you prefer, we can do this for you if you contact us.

What if I'm using a shared SSL certificate?

The .htaccess example above assumes you have purchased a valid SSL certificate. If you're using our shared SSL certificate, that technique won't work (the shared certificate Web server redirects, or "proxies", the secure connection via a normal HTTP connection on our private Ethernet network, so the RewriteCond test on your Web site will never think that the connection is secure).

If you want to do this while using our shared certificate, you should set up your .htaccess file to look for an HTTP header indicating that the request has been proxied through www.tigertech.net:

Again, this is a generic example. Enter your domain name at the top of the page to see the exact lines to use for your Tiger Technologies Web site. 
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Host} !^www\.tigertech\.net$
RewriteRule (.*) https://www.tigertech.net/ssl/example.com/$1 [R,L]

Although we've tested this and it works, note that we can't officially support it or guarantee it will always work. It relies on the under-documented Apache "X-Forwarded-Host" header always working properly, which we don't really have control over (in particular, we haven't tested to see whether the header is correctly set if multiple proxy servers are used for the request). If your site's security is important, we'd recommend getting your own SSL certificate and using the first example above.

What are the drawbacks of forcing SSL connections?

You shouldn't do this unless you absolutely need to. First of all, it makes your pages load more slowly. Also, some search engines will not index secure Web pages, so this may harm your search engine rankings.