htaccess rewrite rule to switch certain pages to https

My client's site has an application form and payment form that need to be served over https.

links to these pages are dynamically generated and I can't see a way of specifying that the links to these two pages are formed with the https prefix. They are currently served as http.

Also, there is an existing .htaccess file (code below)

Q1 How can I add some rewrite rules for these pages...

http://www.mydomain.com/Application.html
http://www.mydomain.com/Payment.html

... so that they redirect to their https versions without messing up the exisitng URL rewriting?

Also if you type https://mydomain.com/Application  (ie without the www) then the browser throws a security alert.


Q2 How can I make sure that the 'www' is automatically added first?

If I had time I would read up on this and learn how to do it myself but unfortunately I have a looming deadline so I just need to fix it and ask questions later! Thanks very much in advance for your help.

RewriteEngine On
RewriteRule ^Photo_Gallery-(.*).html$ /index.php?secName=Photo_Gallery&gallery=$1 [L,QSA]
RewriteRule ^(.*).html$ /index.php?secName=$1 [L,QSA]

Open in new window

LVL 2
xoundboyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

caterham_wwwCommented:
See my comments below
RewriteEngine On
# Q1 How can I add some rewrite rules for these pages... 
# 2. https =off
RewriteCond %{HTTPS} =off
# 1. matches /Application.html and /Payment.html only   3. redirct 301 to https...
RewriteRule ^((Application|Payment)\.html)$ https://www.example.com/$1 [R=301,L]
 
#Q2 How can I make sure that the 'www' is automatically added first?
# 2. checks if HTTPS is on or off, if on, safe s in a backreference
RewriteRule %{HTTPS}s ^on(s)|^off
# 1. matches every request     3. redirect 301 to either http or https
RewriteRule ^(.*) http%1://www.example.com/$1 [R=301,L]
 
RewriteRule ^Photo_Gallery-(.*)\.html$ /index.php?secName=Photo_Gallery&gallery=$1 [L,QSA]
RewriteRule ^(.*)\.html$ /index.php?secName=$1 [L,QSA]

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
xoundboyAuthor Commented:
Thanks for your quick response.

I added the new lines that you suggested one by one and after each addition saved the .htaccess file and checked for new/ different behaviour when browsing to Application/Payment pages and then to normal (non-secure) pages. This is what happened....

RewriteCond %{HTTPS} =off

... no apparent change in behaviour

RewriteRule ^((Application|Payment)\.html)$ https://www.example.com/$1 [R=301,L]

... clicking Application / Payment page links in the navigation loaded these pages over https as required however when subsequently clicking a non-secure page link the new page would load but still over https (this is good but not quite right because the pages are already quite heavy and https is too slow)

RewriteRule %{HTTPS}s ^on(s)|^off

... no apparent change in behaviour after adding this one

RewriteRule ^(.*) http%1://www.example.com/$1 [R=301,L]

... clicking on a any link and the browser throws a Redirect loop error
0
caterham_wwwCommented:
> one by one

you can only add rulesets one by one since the processing is always RewriteRule pattern --> conditions above that RewriteRule line --> rule substitution

> however when subsequently clicking a non-secure page link

Does your link look like a href="http://example.com/foo"?, i.e. containing the http protocol? If not, it's your browser which keeps the https protocol, i.e. the protocol of the current request.

> ... clicking on a any link and the browser throws a Redirect loop error

A condition, which checks the HTTP_HOSt is missing, sorry. Add

RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule %{HTTPS}s ^on(s)|^off
RewriteRule ^(.*) http%1://www.example.com/$1 [R=301,L]


instead.
0
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

xoundboyAuthor Commented:
Sorry for the delay

I tried your last suggestion but am still getting the redirect loop error

just to clarify, this is what I have now ...(the line commented out was just to kill the redirect loop)
RewriteEngine On
RewriteCond %{HTTPS} =off
 
RewriteRule ^((Application|Payment)\.html)$ https://www.mydomain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^mydomain\.com
RewriteRule %{HTTPS}s ^on(s)|^off
#RewriteRule ^(.*) http%1://www.mydomain.com/$1 [R=301,L]
 
RewriteRule ^Photo_Gallery-(.*).html$ /index.php?secName=Photo_Gallery&gallery=$1 [L,QSA]
RewriteRule ^(.*).html$ /index.php?secName=$1 [L,QSA]

Open in new window

0
xoundboyAuthor Commented:

I'm still stuck on this - please can someone help me, thanks
0
caterham_wwwCommented:
What did you request and to what location are you being redirected to? You can monitor your http headers with a firefox extension:  https://addons.mozilla.org/de/firefox/addon/3829
0
xoundboyAuthor Commented:
The problem is that when a user navigates away from a secure page the subsequent pages are still prefixed with https and not http the way that they should be
0
caterham_wwwCommented:
If you're talking about a html link like 'a href="foo"'; that is not caused by mod_rewrite but your browser keeps the protocol of the current page. If your current page is being served via https and if s/o clicks on a link on that page and this page should be served through http instead of https, your link should look like href="http://...."

You can redirect all other pages to http again, but I don't know if this is a good idea. The user takes notice via the status bar that the link is https but you're serving http. Some browser's may also issue a warning, that they're leaving a secured site.
# Redirects every filepath with .html at the end (except Application.html and Payment.html) to http if https is on
RewriteCond %{HTTPS} =on
RewriteRule ^((?!Application|Payment).+\.html)$ http://www.mydomain.com/$1 [R=301,L]

Open in new window

0
xoundboyAuthor Commented:
Hi caterham_www

thanks very much for persevering with this. I added your latest suggestion to my .htaccess file and it is now working exactly the way I want it to. You have been a great help.

For anyone who needs to see how this was finally achieved I have pasted my final .htaccess code below.
RewriteEngine On
RewriteCond %{HTTPS} =off
RewriteRule ^((Application|Payment)\.html)$ https://www.mydomain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^mydomain\.com
RewriteRule %{HTTPS}s ^on(s)|^off
# Redirects every filepath with .html at the end (except Application.html and Payment.html) to http if https is on
RewriteCond %{HTTPS} =on
RewriteRule ^((?!Application|Payment).+\.html)$ http://www.mydomain.com/$1 [R=301,L]

Open in new window

0
xoundboyAuthor Commented:
Thanks very much!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.