• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 474
  • Last Modified:

htaccess rewrite rule to switch certain pages to https

My client's site has an application form and payment form that need to be served over https.

links to these pages are dynamically generated and I can't see a way of specifying that the links to these two pages are formed with the https prefix. They are currently served as http.

Also, there is an existing .htaccess file (code below)

Q1 How can I add some rewrite rules for these pages...

http://www.mydomain.com/Application.html
http://www.mydomain.com/Payment.html

... so that they redirect to their https versions without messing up the exisitng URL rewriting?

Also if you type https://mydomain.com/Application  (ie without the www) then the browser throws a security alert.


Q2 How can I make sure that the 'www' is automatically added first?

If I had time I would read up on this and learn how to do it myself but unfortunately I have a looming deadline so I just need to fix it and ask questions later! Thanks very much in advance for your help.

RewriteEngine On
RewriteRule ^Photo_Gallery-(.*).html$ /index.php?secName=Photo_Gallery&gallery=$1 [L,QSA]
RewriteRule ^(.*).html$ /index.php?secName=$1 [L,QSA]

Open in new window

0
xoundboy
Asked:
xoundboy
  • 6
  • 4
3 Solutions
 
caterham_wwwCommented:
See my comments below
RewriteEngine On
# Q1 How can I add some rewrite rules for these pages... 
# 2. https =off
RewriteCond %{HTTPS} =off
# 1. matches /Application.html and /Payment.html only   3. redirct 301 to https...
RewriteRule ^((Application|Payment)\.html)$ https://www.example.com/$1 [R=301,L]
 
#Q2 How can I make sure that the 'www' is automatically added first?
# 2. checks if HTTPS is on or off, if on, safe s in a backreference
RewriteRule %{HTTPS}s ^on(s)|^off
# 1. matches every request     3. redirect 301 to either http or https
RewriteRule ^(.*) http%1://www.example.com/$1 [R=301,L]
 
RewriteRule ^Photo_Gallery-(.*)\.html$ /index.php?secName=Photo_Gallery&gallery=$1 [L,QSA]
RewriteRule ^(.*)\.html$ /index.php?secName=$1 [L,QSA]

Open in new window

0
 
xoundboyAuthor Commented:
Thanks for your quick response.

I added the new lines that you suggested one by one and after each addition saved the .htaccess file and checked for new/ different behaviour when browsing to Application/Payment pages and then to normal (non-secure) pages. This is what happened....

RewriteCond %{HTTPS} =off

... no apparent change in behaviour

RewriteRule ^((Application|Payment)\.html)$ https://www.example.com/$1 [R=301,L]

... clicking Application / Payment page links in the navigation loaded these pages over https as required however when subsequently clicking a non-secure page link the new page would load but still over https (this is good but not quite right because the pages are already quite heavy and https is too slow)

RewriteRule %{HTTPS}s ^on(s)|^off

... no apparent change in behaviour after adding this one

RewriteRule ^(.*) http%1://www.example.com/$1 [R=301,L]

... clicking on a any link and the browser throws a Redirect loop error
0
 
caterham_wwwCommented:
> one by one

you can only add rulesets one by one since the processing is always RewriteRule pattern --> conditions above that RewriteRule line --> rule substitution

> however when subsequently clicking a non-secure page link

Does your link look like a href="http://example.com/foo"?, i.e. containing the http protocol? If not, it's your browser which keeps the https protocol, i.e. the protocol of the current request.

> ... clicking on a any link and the browser throws a Redirect loop error

A condition, which checks the HTTP_HOSt is missing, sorry. Add

RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule %{HTTPS}s ^on(s)|^off
RewriteRule ^(.*) http%1://www.example.com/$1 [R=301,L]


instead.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
xoundboyAuthor Commented:
Sorry for the delay

I tried your last suggestion but am still getting the redirect loop error

just to clarify, this is what I have now ...(the line commented out was just to kill the redirect loop)
RewriteEngine On
RewriteCond %{HTTPS} =off
 
RewriteRule ^((Application|Payment)\.html)$ https://www.mydomain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^mydomain\.com
RewriteRule %{HTTPS}s ^on(s)|^off
#RewriteRule ^(.*) http%1://www.mydomain.com/$1 [R=301,L]
 
RewriteRule ^Photo_Gallery-(.*).html$ /index.php?secName=Photo_Gallery&gallery=$1 [L,QSA]
RewriteRule ^(.*).html$ /index.php?secName=$1 [L,QSA]

Open in new window

0
 
xoundboyAuthor Commented:

I'm still stuck on this - please can someone help me, thanks
0
 
caterham_wwwCommented:
What did you request and to what location are you being redirected to? You can monitor your http headers with a firefox extension:  https://addons.mozilla.org/de/firefox/addon/3829
0
 
xoundboyAuthor Commented:
The problem is that when a user navigates away from a secure page the subsequent pages are still prefixed with https and not http the way that they should be
0
 
caterham_wwwCommented:
If you're talking about a html link like 'a href="foo"'; that is not caused by mod_rewrite but your browser keeps the protocol of the current page. If your current page is being served via https and if s/o clicks on a link on that page and this page should be served through http instead of https, your link should look like href="http://...."

You can redirect all other pages to http again, but I don't know if this is a good idea. The user takes notice via the status bar that the link is https but you're serving http. Some browser's may also issue a warning, that they're leaving a secured site.
# Redirects every filepath with .html at the end (except Application.html and Payment.html) to http if https is on
RewriteCond %{HTTPS} =on
RewriteRule ^((?!Application|Payment).+\.html)$ http://www.mydomain.com/$1 [R=301,L]

Open in new window

0
 
xoundboyAuthor Commented:
Hi caterham_www

thanks very much for persevering with this. I added your latest suggestion to my .htaccess file and it is now working exactly the way I want it to. You have been a great help.

For anyone who needs to see how this was finally achieved I have pasted my final .htaccess code below.
RewriteEngine On
RewriteCond %{HTTPS} =off
RewriteRule ^((Application|Payment)\.html)$ https://www.mydomain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^mydomain\.com
RewriteRule %{HTTPS}s ^on(s)|^off
# Redirects every filepath with .html at the end (except Application.html and Payment.html) to http if https is on
RewriteCond %{HTTPS} =on
RewriteRule ^((?!Application|Payment).+\.html)$ http://www.mydomain.com/$1 [R=301,L]

Open in new window

0
 
xoundboyAuthor Commented:
Thanks very much!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now