Solved

Redirect http to https for certain pages on website?

Posted on 2013-02-06
6
434 Views
Last Modified: 2013-02-11
Hi,
if I have a shopping cart website with an SSL cert installed and only want to secure specifc pages, can this be done with php or a .htaccess file?

How can I redirect from http to https for the pages I want to secure?

Thanks in advance for your feedback.
0
Comment
Question by:sabecs
6 Comments
 
LVL 14

Expert Comment

by:Scott Madeira
ID: 38859183
you would want to use mod_rewrite and set up the rules in your .htaccess file.  Here is a link to an example that may be helpful.

http://stackoverflow.com/questions/1213404/using-htaccess-to-control-https-on-certain-pages
0
 
LVL 16

Assisted Solution

by:Rose Babu
Rose Babu earned 150 total points
ID: 38859209
0
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 350 total points
ID: 38861967
You can also redirect in the PHP script.

<?php // RAY_https_only.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS


// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
    // MAN PAGE: http://php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $cookie_domain, TRUE, TRUE);
}

Open in new window

HTH, ~Ray
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:sabecs
ID: 38862696
Thanks for your help,
I think the easiest option may be via .htaccess file as in the links below

http://stackoverflow.com/questions/9633882/htaccess-redirect-4-specific-pages-to-https
http://stackoverflow.com/questions/1213404/using-htaccess-to-control-https-on-certain-pages 

but is it possible to change the lines below in .htaccess file to redirect say my 6 pages below to https

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} /shopping_cart
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]



http://www.mywebsite.com/index.php?page=shopping_cart
http://www.mywebsite.com/index.php?page=order_form
http://www.mywebsite.com/index.php?page=login_form
http://www.mywebsite.com/index.php?page=user_orders
http://www.mywebsite.com/index.php?page_id=245
http://www.mywebsite.com/index.php?page_id=275
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 38863638
Just to be clear, your application requirement is to redirect index.php to a secure connection sometimes, depending on the GET request arguments?
0
 

Author Comment

by:sabecs
ID: 38866292
Yes Ray, that is correct.
I have php scripts that are included on the page depending on GET request arguments.

Thanks

Andrew
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question