.htaccess change to SSL

leapingleon
leapingleon used Ask the Experts™
on
Hi All

In my /secure/ directory, i use the code below in my .htaccess file to make sure the users browser connects via SSL so that they surf securely. However, when the user browses back to the main content (root directory), I dont want them using port 443 anymore, but the browser stays https://

Anyway I can fix this?
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.co.uk/Secure/$1 [R,L]

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Try changing "RewriteCond %{SERVER_PORT} !^443$"
to:
RewriteCond %{HTTPS} on
Top Expert 2014

Commented:
What port do you want them using SSL with?

Do you have Apache setup to do SSL on the non-443 port?

Why don't you want them using port 443 for SSL traffic?
Top Expert 2014

Commented:
Just to let you know, https tells the browser to use port 443

   https://www.domain.co.uk

is the same thing as:

   http://www.domain.co.uk:443

Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Author

Commented:
Sorry, just re-read my question and it does seem confusing.

Basically, when the user browses the home page (http://www.domain.co.uk/index.php) I dont want the connection to be secure, however, when they browse the secure part of my website, i.e. http://www.domain.co.uk/secure/index.php I want the connection to be secure. I use the code above in my .htaccess to ensure that when they are in this secure directory, the connection is secure, and it works perfectly.

However, when a user navigates to the secure directory, and then back to the home page, the connection stays secure. I dont want this, I only want it to be secure when they are in the secure directory, and not when they are browsing the rest of the website.

Hope that makes more sense?
Top Expert 2014
Commented:
Logically you need a condition that checks for the absence of /secure/ and then change it back to http.

You might try putting a .htaccess in your document route that has:

RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://www.domain.co.uk/$1 [R,L]

However the best solution may be to have one .htaccess in your document route that checks for "/secure/" and changes to https otherwise change to http.

Is there any special reason you don't want them to use https in the non"/secure" directory?

Author

Commented:
Thanks, that seems to work nicely. You say the best would be to have one .htaccess for my root? How would I write this? Sorry, not great with these rewrite rules, found that code snippet I use on another forum.

The main reason is because the guy I wrote the site for is trying to sort the SEO out, and he noticed that google was indexing two pages for every page, the normal (http://www.domain.co.uk/index.php) and the secure (https://www.domain.co.uk/index.php). He reckoned the PR was not doing great because google sees that as duplicate content. I dont know much about SEO, but think google is smarter than that, however, I may be wrong. I also have a rule that dissallows robots from indexing port 443 traffic, but apparently that is not enough for him.

Author

Commented:
Or would it be as simple as just having both rules in my root?

RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://www.domain.co.uk/$1 [R,L]

RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.co.uk/Secure/$1 [R,L]
Top Expert 2014

Commented:
You can't have both rules in your root as you have them.

You have to have the conditions check for /Secure and check for the absence of /Secure.

With what you have you are checking any connection with port 443 and with any connection that is not port 443.  I would suspect that this would cause a endless loop of re-directs.  Not sure but somehting  like


RewriteEngine On

RewriteCond %{SERVER_PORT} ^443$
RewriteCond !^/Secure(.*)
RewriteRule ^(.*)$ http://www.domain.co.uk/$1 [R,L]

RewriteCond %{SERVER_PORT} !^443$
RewriteCond ^/Secure(.*)
RewriteRule ^(.*)$ https://www.domain.co.uk/Secure/$1 [R,L]

But somebody that is much more experienced with rewrites would need to verify this.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial