Solved

Redirect http to https for certain pages on website?

Posted on 2013-02-06
6
424 Views
Last Modified: 2013-02-11
Hi,
if I have a shopping cart website with an SSL cert installed and only want to secure specifc pages, can this be done with php or a .htaccess file?

How can I redirect from http to https for the pages I want to secure?

Thanks in advance for your feedback.
0
Comment
Question by:sabecs
6 Comments
 
LVL 14

Expert Comment

by:Scott Madeira
Comment Utility
you would want to use mod_rewrite and set up the rules in your .htaccess file.  Here is a link to an example that may be helpful.

http://stackoverflow.com/questions/1213404/using-htaccess-to-control-https-on-certain-pages
0
 
LVL 16

Assisted Solution

by:Rose Babu
Rose Babu earned 150 total points
Comment Utility
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 350 total points
Comment Utility
You can also redirect in the PHP script.

<?php // RAY_https_only.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS


// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
    // MAN PAGE: http://php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $cookie_domain, TRUE, TRUE);
}

Open in new window

HTH, ~Ray
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:sabecs
Comment Utility
Thanks for your help,
I think the easiest option may be via .htaccess file as in the links below

http://stackoverflow.com/questions/9633882/htaccess-redirect-4-specific-pages-to-https
http://stackoverflow.com/questions/1213404/using-htaccess-to-control-https-on-certain-pages

but is it possible to change the lines below in .htaccess file to redirect say my 6 pages below to https

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} /shopping_cart
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]



http://www.mywebsite.com/index.php?page=shopping_cart
http://www.mywebsite.com/index.php?page=order_form
http://www.mywebsite.com/index.php?page=login_form
http://www.mywebsite.com/index.php?page=user_orders
http://www.mywebsite.com/index.php?page_id=245
http://www.mywebsite.com/index.php?page_id=275
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Just to be clear, your application requirement is to redirect index.php to a secure connection sometimes, depending on the GET request arguments?
0
 

Author Comment

by:sabecs
Comment Utility
Yes Ray, that is correct.
I have php scripts that are included on the page depending on GET request arguments.

Thanks

Andrew
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now