We need to force redirect all http traffic to https on space.wmflabs.org. Currently all links and navigation point to HTTPS, but we'd like to have this forced so there are no accidents. :) I've tried doing this at the Apache level (via .htaccess rules).
```
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Don't allow indexing in directories
Options -Indexes
# Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```
This results in a redirection loop.
I also have a rule in the WordPress config which is recommended as a best practice. This does not force HTTPS.
```lang=php
/* SSL Settings */
define('FORCE_SSL_ADMIN', true);
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS'] = 'on';
```