Tracking IP change from HTTP to HTTPS

We track users on our website based on IP address, and lately we have noticed some incorrect tracking information. I believe this is because when someone switches from http to https their IP address changes. Is it possible to append this line in .htaccess to have the old IP address. Here is what I have now:

# switch to httpS if secure directory resources requested using http
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^secure/(.*)$ https://www.thenaughtybag.com/secure/$1 [R=301,L,NE]

I would want something like

# switch to httpS if secure directory resources requested using http
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^secure/(.*)$ https://www.thenaughtybag.com/secure/$1<& or ?>{REMOTE_ADDR} [R=301,L,NE]

Thanks
LVL 3
sypderAsked:
Who is Participating?
 
Steve BinkCommented:
RewriteRule ^secure/(.*)$ https://www.thenaughtybag.com/secure/$1?{REMOTE_ADDR} [R=301,L,NE,QSA]

To quote from the manual (emphasis is added):

'qsappend|QSA' (query string append)
This flag forces the rewrite engine to append a query string part of the substitution string to the existing string, instead of replacing it. *******Use this when you want to add more data to the query string via a rewrite rule.*******

Also:

Note: Query String

The Pattern will not be matched against the query string. Instead, you must use a RewriteCond with the %{QUERY_STRING} variable. You can, however, create URLs in the substitution string, containing a query string part. Simply use a question mark inside the substitution string, to indicate that the following text should be re-injected into the query string. When you want to erase an existing query string, end the substitution string with just a question mark. To combine a new query string with an old one, use the [QSA] flag.
0
 
Steve BinkCommented:
If someone's IP address is changing, it is not likely to be because they are using SSL vs non-SSL.  They are most likely using a proxy server (like AOL) to browse the web.  In this scenario, their IP could change to anything from one connection to the next, and there is not really a feasible way to track it 100%.

You most certainly could append the original IP to a rewrite request, but I don't think that will help you much in this regard.  There are no guarantees that the new IP is the exact same user since a proxy will handle requests from potentially thousands of people.  
0
 
sypderAuthor Commented:
Thanks routinet. Because this is only in our final checkout stage, I don't think we will have that many IPs, so having overlap shouldn't be a big problem.

How can I do <& or ?> in .htaccess, otherwise is the code I have above correct?
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Steve BinkCommented:
You'll want to use the [QSA] modifier for the RewriteRule.  Check it out at:

http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewriterule
0
 
sypderAuthor Commented:
My question has never answered. I know how to use the rewrite rule. (I use it in my question). My question has how to control wether a & or a ? is used in the rewrite rule.
0
 
Steve BinkCommented:
>>> My question has never answered.

Did you read my last response?  More importantly, did you read the information found at the link I provided?  Even more importantly, did you read the section of the [QSA] modifier found at the link I provided?


0
 
sypderAuthor Commented:
I don't see how it would work in this situation.

Can you give me an example?

RewriteRule ^secure/(.*)$ https://www.thenaughtybag.com/secure/$1<& or ?>{REMOTE_ADDR} [R=301,L,NE,QSA]
0
 
sypderAuthor Commented:
Okay,

This is what I didn't get. I didn't know that QSA was smart enough to relieze that after {REMOTE_ADDR} that it needed to start with a & and not a ?

Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.