Force SSL in osTicket without htaccess changes

For many cloud hosting mechanisms, traditional SSL redirects using the htaccess file do not work.


CMSs such as Concrete5 and Joomla! get round this by having "Force SSL" options which cause the redirect from within the CMS itself.

osTicket, however, doesn't have such a setting (in the 1.9.4 version which was current at the time of writing this knowledgebase article). Note that it does have the capability to force the SQL server to use SSL for connection, it is just forcing of the published site to use SSL which is not there.

If you want to use SSL, this can be effected by simply adding the following highlighted lines in the file "ost-config.php" (which is located in the osTicket "include" sub-directory)

# define('ROOT_PATH', '/support/');


// If page requires SSL (forced true here), and we're not in SSL mode, // redirect to the SSL version of the page

if($_SERVER['SERVER_PORT'] != 443) { header("HTTP/1.1 301 Moved Permanently"); header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); exit(); }


#Disable direct access.