xoundboy
asked on
htaccess rewrite rule to switch certain pages to https
My client's site has an application form and payment form that need to be served over https.
links to these pages are dynamically generated and I can't see a way of specifying that the links to these two pages are formed with the https prefix. They are currently served as http.
Also, there is an existing .htaccess file (code below)
Q1 How can I add some rewrite rules for these pages...
http://www.mydomain.com/Application.html
http://www.mydomain.com/Payment.html
... so that they redirect to their https versions without messing up the exisitng URL rewriting?
Also if you type https://mydomain.com/Application (ie without the www) then the browser throws a security alert.
Q2 How can I make sure that the 'www' is automatically added first?
If I had time I would read up on this and learn how to do it myself but unfortunately I have a looming deadline so I just need to fix it and ask questions later! Thanks very much in advance for your help.
links to these pages are dynamically generated and I can't see a way of specifying that the links to these two pages are formed with the https prefix. They are currently served as http.
Also, there is an existing .htaccess file (code below)
Q1 How can I add some rewrite rules for these pages...
http://www.mydomain.com/Application.html
http://www.mydomain.com/Payment.html
... so that they redirect to their https versions without messing up the exisitng URL rewriting?
Also if you type https://mydomain.com/Application (ie without the www) then the browser throws a security alert.
Q2 How can I make sure that the 'www' is automatically added first?
If I had time I would read up on this and learn how to do it myself but unfortunately I have a looming deadline so I just need to fix it and ask questions later! Thanks very much in advance for your help.
RewriteEngine On
RewriteRule ^Photo_Gallery-(.*).html$ /index.php?secName=Photo_Gallery&gallery=$1 [L,QSA]
RewriteRule ^(.*).html$ /index.php?secName=$1 [L,QSA]
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the delay
I tried your last suggestion but am still getting the redirect loop error
just to clarify, this is what I have now ...(the line commented out was just to kill the redirect loop)
I tried your last suggestion but am still getting the redirect loop error
just to clarify, this is what I have now ...(the line commented out was just to kill the redirect loop)
RewriteEngine On
RewriteCond %{HTTPS} =off
RewriteRule ^((Application|Payment)\.html)$ https://www.mydomain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^mydomain\.com
RewriteRule %{HTTPS}s ^on(s)|^off
#RewriteRule ^(.*) http%1://www.mydomain.com/$1 [R=301,L]
RewriteRule ^Photo_Gallery-(.*).html$ /index.php?secName=Photo_Gallery&gallery=$1 [L,QSA]
RewriteRule ^(.*).html$ /index.php?secName=$1 [L,QSA]ASKER
I'm still stuck on this - please can someone help me, thanks
What did you request and to what location are you being redirected to? You can monitor your http headers with a firefox extension: https://addons.mozilla.org/de/firefox/addon/3829
ASKER
The problem is that when a user navigates away from a secure page the subsequent pages are still prefixed with https and not http the way that they should be
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi caterham_www
thanks very much for persevering with this. I added your latest suggestion to my .htaccess file and it is now working exactly the way I want it to. You have been a great help.
For anyone who needs to see how this was finally achieved I have pasted my final .htaccess code below.
thanks very much for persevering with this. I added your latest suggestion to my .htaccess file and it is now working exactly the way I want it to. You have been a great help.
For anyone who needs to see how this was finally achieved I have pasted my final .htaccess code below.
RewriteEngine On
RewriteCond %{HTTPS} =off
RewriteRule ^((Application|Payment)\.html)$ https://www.mydomain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^mydomain\.com
RewriteRule %{HTTPS}s ^on(s)|^off
# Redirects every filepath with .html at the end (except Application.html and Payment.html) to http if https is on
RewriteCond %{HTTPS} =on
RewriteRule ^((?!Application|Payment).+\.html)$ http://www.mydomain.com/$1 [R=301,L]ASKER
Thanks very much!
ASKER
I added the new lines that you suggested one by one and after each addition saved the .htaccess file and checked for new/ different behaviour when browsing to Application/Payment pages and then to normal (non-secure) pages. This is what happened....
RewriteCond %{HTTPS} =off
... no apparent change in behaviour
RewriteRule ^((Application|Payment)\.h
... clicking Application / Payment page links in the navigation loaded these pages over https as required however when subsequently clicking a non-secure page link the new page would load but still over https (this is good but not quite right because the pages are already quite heavy and https is too slow)
RewriteRule %{HTTPS}s ^on(s)|^off
... no apparent change in behaviour after adding this one
RewriteRule ^(.*) http%1://www.example.com/$1 [R=301,L]
... clicking on a any link and the browser throws a Redirect loop error