Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Redirect http to https for certain pages on website?

Posted on 2013-02-06
6
Medium Priority
?
444 Views
Last Modified: 2013-02-11
Hi,
if I have a shopping cart website with an SSL cert installed and only want to secure specifc pages, can this be done with php or a .htaccess file?

How can I redirect from http to https for the pages I want to secure?

Thanks in advance for your feedback.
0
Comment
Question by:sabecs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 14

Expert Comment

by:Scott Madeira
ID: 38859183
you would want to use mod_rewrite and set up the rules in your .htaccess file.  Here is a link to an example that may be helpful.

http://stackoverflow.com/questions/1213404/using-htaccess-to-control-https-on-certain-pages
0
 
LVL 16

Assisted Solution

by:Rose Babu
Rose Babu earned 600 total points
ID: 38859209
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1400 total points
ID: 38861967
You can also redirect in the PHP script.

<?php // RAY_https_only.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS


// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
    // MAN PAGE: http://php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $cookie_domain, TRUE, TRUE);
}

Open in new window

HTH, ~Ray
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:sabecs
ID: 38862696
Thanks for your help,
I think the easiest option may be via .htaccess file as in the links below

http://stackoverflow.com/questions/9633882/htaccess-redirect-4-specific-pages-to-https
http://stackoverflow.com/questions/1213404/using-htaccess-to-control-https-on-certain-pages 

but is it possible to change the lines below in .htaccess file to redirect say my 6 pages below to https

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} /shopping_cart
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]



http://www.mywebsite.com/index.php?page=shopping_cart
http://www.mywebsite.com/index.php?page=order_form
http://www.mywebsite.com/index.php?page=login_form
http://www.mywebsite.com/index.php?page=user_orders
http://www.mywebsite.com/index.php?page_id=245
http://www.mywebsite.com/index.php?page_id=275
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 38863638
Just to be clear, your application requirement is to redirect index.php to a secure connection sometimes, depending on the GET request arguments?
0
 

Author Comment

by:sabecs
ID: 38866292
Yes Ray, that is correct.
I have php scripts that are included on the page depending on GET request arguments.

Thanks

Andrew
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question