leapingleon
asked on
.htaccess change to SSL
Hi All
In my /secure/ directory, i use the code below in my .htaccess file to make sure the users browser connects via SSL so that they surf securely. However, when the user browses back to the main content (root directory), I dont want them using port 443 anymore, but the browser stays https://
Anyway I can fix this?
In my /secure/ directory, i use the code below in my .htaccess file to make sure the users browser connects via SSL so that they surf securely. However, when the user browses back to the main content (root directory), I dont want them using port 443 anymore, but the browser stays https://
Anyway I can fix this?
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.co.uk/Secure/$1 [R,L]
What port do you want them using SSL with?
Do you have Apache setup to do SSL on the non-443 port?
Why don't you want them using port 443 for SSL traffic?
Do you have Apache setup to do SSL on the non-443 port?
Why don't you want them using port 443 for SSL traffic?
Just to let you know, https tells the browser to use port 443
https://www.domain.co.uk
is the same thing as:
http://www.domain.co.uk:443
https://www.domain.co.uk
is the same thing as:
http://www.domain.co.uk:443
ASKER
Sorry, just re-read my question and it does seem confusing.
Basically, when the user browses the home page (http://www.domain.co.uk/index.php) I dont want the connection to be secure, however, when they browse the secure part of my website, i.e. http://www.domain.co.uk/secure/index.php I want the connection to be secure. I use the code above in my .htaccess to ensure that when they are in this secure directory, the connection is secure, and it works perfectly.
However, when a user navigates to the secure directory, and then back to the home page, the connection stays secure. I dont want this, I only want it to be secure when they are in the secure directory, and not when they are browsing the rest of the website.
Hope that makes more sense?
Basically, when the user browses the home page (http://www.domain.co.uk/index.php) I dont want the connection to be secure, however, when they browse the secure part of my website, i.e. http://www.domain.co.uk/secure/index.php I want the connection to be secure. I use the code above in my .htaccess to ensure that when they are in this secure directory, the connection is secure, and it works perfectly.
However, when a user navigates to the secure directory, and then back to the home page, the connection stays secure. I dont want this, I only want it to be secure when they are in the secure directory, and not when they are browsing the rest of the website.
Hope that makes more sense?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, that seems to work nicely. You say the best would be to have one .htaccess for my root? How would I write this? Sorry, not great with these rewrite rules, found that code snippet I use on another forum.
The main reason is because the guy I wrote the site for is trying to sort the SEO out, and he noticed that google was indexing two pages for every page, the normal (http://www.domain.co.uk/index.php) and the secure (https://www.domain.co.uk/index.php). He reckoned the PR was not doing great because google sees that as duplicate content. I dont know much about SEO, but think google is smarter than that, however, I may be wrong. I also have a rule that dissallows robots from indexing port 443 traffic, but apparently that is not enough for him.
The main reason is because the guy I wrote the site for is trying to sort the SEO out, and he noticed that google was indexing two pages for every page, the normal (http://www.domain.co.uk/index.php) and the secure (https://www.domain.co.uk/index.php). He reckoned the PR was not doing great because google sees that as duplicate content. I dont know much about SEO, but think google is smarter than that, however, I may be wrong. I also have a rule that dissallows robots from indexing port 443 traffic, but apparently that is not enough for him.
ASKER
Or would it be as simple as just having both rules in my root?
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://www.domain.co.uk/$1 [R,L]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.co.uk/Secure/$1 [R,L]
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://www.domain.co.uk/$1 [R,L]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.co.uk/Secure/$1 [R,L]
You can't have both rules in your root as you have them.
You have to have the conditions check for /Secure and check for the absence of /Secure.
With what you have you are checking any connection with port 443 and with any connection that is not port 443. I would suspect that this would cause a endless loop of re-directs. Not sure but somehting like
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteCond !^/Secure(.*)
RewriteRule ^(.*)$ http://www.domain.co.uk/$1 [R,L]
RewriteCond %{SERVER_PORT} !^443$
RewriteCond ^/Secure(.*)
RewriteRule ^(.*)$ https://www.domain.co.uk/Secure/$1 [R,L]
But somebody that is much more experienced with rewrites would need to verify this.
You have to have the conditions check for /Secure and check for the absence of /Secure.
With what you have you are checking any connection with port 443 and with any connection that is not port 443. I would suspect that this would cause a endless loop of re-directs. Not sure but somehting like
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteCond !^/Secure(.*)
RewriteRule ^(.*)$ http://www.domain.co.uk/$1 [R,L]
RewriteCond %{SERVER_PORT} !^443$
RewriteCond ^/Secure(.*)
RewriteRule ^(.*)$ https://www.domain.co.uk/Secure/$1 [R,L]
But somebody that is much more experienced with rewrites would need to verify this.
to:
RewriteCond %{HTTPS} on