Say a site has SSL enabled. It's still possible to connect to non-SSL.

What's the best way to force incoming connections to apache on port 80 to go to the SSL port? Redirect somehow?

Try it with the following mod_rewrite rule


RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Seems to work. Will this prevent anyone trying to surf unencrypted though?

I woul say yes, cause in my tests in redirected / rewrote every access without http to https