I have ssl setup and require it for one page and the contents of one directory. My problem is that the rest of my site is also accessible via https as well as http.
I am looking for an htaccess solution that will force all https requests to http BUT if the url requested is cart.php or anything in the directory /private/ then these will be forced to https.
So just to be clear if the URL is either:
example.com/cart
OR
example.com/private/any_pages_in _this_directory
it will use HTTPS
any other URL is requested with HTTPS will be forced to HTTP.
Currently to force https I am using a custom header and have added:
<?php if($_SERVER["HTTPS"] != "on") {
header("HTTP/1.1 301 Moved Permanently");
header("Location: https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
exit();
}
?>
I would assume that once I have the correct htaccess to achieve my goal that i can then remove this code as otherwise it will cause problems with unresolvable redirects.
Sabby Sam answers:
Hi,
You can try
this script ( this is for facebook directory )
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/facebook
RewriteCond %{REQUEST_URI} !^/index\.php/facebook
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L,QSA]
julesphoto comments:
Thanks for your suggestion.
Before I try can you also suggest what to do about the single page that I mentioned in my original question?
So I need to redirect a directory and one page....
ie. facebook/ and cart.php
Sabby Sam comments:
For single page you can try for this one
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^secureform\.html$ https://www.example.com/cart.php [L,R=301]
Sabby Sam comments:
Sorry this one is correct
For single page you can try for this one
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^cart\.php$ https://www.example.com/cart.php [L,R=301]
Sabby Sam comments:
Sorry this one is correct
For single page you can try for this one
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^cart\.php$ https://www.example.com/cart.php [L,R=301]
julesphoto comments:
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/facebook
RewriteCond %{REQUEST_URI} !^/index\.php/facebook
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L,QSA]
This rule doesn't work for me. It does not force https for the directory and if i manually put https it redirects me to the homepage and http.
Sabby Sam comments:
This is for
facebook directory, can you rename your directory
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/facebook
RewriteCond %{REQUEST_URI} !^/index\.php/facebook
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L,QSA]
julesphoto comments:
Thanks I tried that but it doesn't force https.
This gets me https but it is giving the wrong url as I get facebook/facebook/
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} facebook
RewriteRule ^(.*)$ https://www.example.com/facebook/$1 [R,L]
Sabby Sam comments:
Can you please give me your directory name, I will write it again and give it back to you.
julesphoto comments:
Hi, everything in the directory called /clients/ should be SSL.
And the page called booking should be SSL.
Everything else should be forced to http.
Sabby Sam comments:
Just check this one first,
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/clients
RewriteCond %{REQUEST_URI} !^/index\.php/clients
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L,QSA]
and this this one
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} clients
RewriteRule ^(.*)$ https://www.example.com/clients/$1 [R,L]
julesphoto comments:
Ok the first one didn't do anything.
The second one forces https but I get a URL error as it serves me:
https://www.example.com/clients/clients/my-example-page/
when I need:
https://www.example.com/clients/my-example-page/
Sabby Sam comments:
https://www.example.com/clients/
on example.com
write your website url, it should work for you.
julesphoto comments:
I have been trying all the examples with my own domain and just changing it to example.com for privacy here.
As i said it works as far as giving me https but it is doubling the folder in the URL so I get a page not found.
Sabby Sam comments:
Okay try this one
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/clients/$1 [R,L]
or
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} clients
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
or
I have sent your private message, just check that once, we could do this little first.
julesphoto comments:
Ok we are getting somewhere! This one works for the directory:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} clients
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
So now I need to do the same for one page (payment). Do I need a new ruleset or do i add to this?
And then i need to make sure that any other url is forced to http?
Sabby Sam comments:
okay try this one then
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} cart.php
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
or
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^secureform\.html$ https://www.example.com/cart.php [L,R=301]
or simple add this line with the above in given answer
RewriteRule ^secureform\.html$ https://www.example.com/cart.php [L,R=301]
or
# force https for all URLs in /cart
RewriteCond %{HTTPS} =off
RewriteRule ^cart https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L
julesphoto comments:
Ok 2 down and one to go! I now have the SSL working for the directory and the page.
How do I now set it so that everything else besides these rules is forced from https to http??
Sabby Sam comments:
I am unclear, could you please guide explain with example
julesphoto comments:
Now if I access example.com/clients/ with this URL
http://www.example.com/clients/
it redirects to
HTTPS://www.example.com/clients/
and the same is also true for my cart page.
The rest of my website can be accessed via either http or https. I want to force http on all other urls on the website so if a request is made via https it will be forced to http.
Sabby Sam comments:
okay try this
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
julesphoto comments:
That will only cause a server 500 error as it includes no exceptions for the previous rules.
Sabby Sam comments:
Add this only
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
julesphoto comments:
As i said that will create an internal server error. So I just tried it and it did. The previous rules now need to be negated with another set of rules... you cant just override them.
Sabby Sam comments:
Did you tried this
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
also can you paste all code here
julesphoto comments:
Internal Sever Error with that code.
Sabby Sam comments:
Okay try this one now
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI}$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}$1
Sabby Sam comments:
Sorry try this one first
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}$1
julesphoto comments:
Neither one works and unfortunately I have to go now. I will leave the question for a bit to see if anyone else replies but I will vote at least half the prize to you if not more for your help. Thanks.
Sabby Sam comments:
private message me we still can resolve it easily, once we see all code, what is written in .htaccess.
thanks
Agus Setiawan answers:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/private/any_pages_in _this_directory
RewriteRule ^(.*)$ https://www.domain.com/private/any_pages_in _this_directory/$1 [R,L]
julesphoto comments:
Thanks for your suggestion.
Before I try can you also suggest what to do about the single page that I mentioned in my original question?
So I need to redirect one page....
example.com/cart
AND a directory
example.com/private/any_pages_in _this_directory
Agus Setiawan comments:
your single page and selected directory :
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^cart\.php$ https://www.yourdomain.com/cart.php [L,R=301]
RewriteRule ^(.*)$ https://www.yourdomain.com/private/any_pages_in _this_directory/$1 [R,L]
julesphoto comments:
Tried that and it doesn't work for me.
Hariprasad Vijayan answers:
Hello,
Check these threads
http://stackoverflow.com/questions/5720463/how-do-i-enable-https-only-on-certain-pages-with-htaccess
http://www.besthostratings.com/articles/force-ssl-htaccess.html
http://www.sitepoint.com/forums/showthread.php?631865-mod_rewrite-force-HTTPS-only-on-certain-pages
Hope you can also do it by adding additional condition to your current redirection code. Try this
<?php
$current_url = $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
$allow_url1 = $_SERVER["SERVER_NAME"].'/cart';
$allow_url2 = $_SERVER["SERVER_NAME"].'/private/';
if (strpos($current_url,$allow_url1) !== false || strpos($current_url,$allow_url2) !== false)
{
if($_SERVER["HTTPS"] != "on") {
header("HTTP/1.1 301 Moved Permanently");
header("Location: https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
exit();
}
}
?>