Forcing SSL and www in .htaccess

The first line is used to prevent internal URL's from being rewritten. That might cause different pages to be displayed, so I've removed it.

If the host is example.com or is not requested over HTTPS, it will be rewritten to https://example.com/. I.e., it rewrites http://example.com, http://www.example.com and https://example.com to https://www.example.com in one action.

RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Documentation on mod_rewrite for Apache 2.2.

If you've subdomains like forum.example.com, the first rule should be as is. Otherwise, you can do a negative match against www.example.com as well.