Solved

Redirect http to https for certain pages on website?

Posted on 2013-02-06
6
440 Views
Last Modified: 2013-02-11
Hi,
if I have a shopping cart website with an SSL cert installed and only want to secure specifc pages, can this be done with php or a .htaccess file?

How can I redirect from http to https for the pages I want to secure?

Thanks in advance for your feedback.
0
Comment
Question by:sabecs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 14

Expert Comment

by:Scott Madeira
ID: 38859183
you would want to use mod_rewrite and set up the rules in your .htaccess file.  Here is a link to an example that may be helpful.

http://stackoverflow.com/questions/1213404/using-htaccess-to-control-https-on-certain-pages
0
 
LVL 16

Assisted Solution

by:Rose Babu
Rose Babu earned 150 total points
ID: 38859209
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 350 total points
ID: 38861967
You can also redirect in the PHP script.

<?php // RAY_https_only.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS


// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
    // MAN PAGE: http://php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $cookie_domain, TRUE, TRUE);
}

Open in new window

HTH, ~Ray
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:sabecs
ID: 38862696
Thanks for your help,
I think the easiest option may be via .htaccess file as in the links below

http://stackoverflow.com/questions/9633882/htaccess-redirect-4-specific-pages-to-https
http://stackoverflow.com/questions/1213404/using-htaccess-to-control-https-on-certain-pages 

but is it possible to change the lines below in .htaccess file to redirect say my 6 pages below to https

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} /shopping_cart
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]



http://www.mywebsite.com/index.php?page=shopping_cart
http://www.mywebsite.com/index.php?page=order_form
http://www.mywebsite.com/index.php?page=login_form
http://www.mywebsite.com/index.php?page=user_orders
http://www.mywebsite.com/index.php?page_id=245
http://www.mywebsite.com/index.php?page_id=275
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 38863638
Just to be clear, your application requirement is to redirect index.php to a secure connection sometimes, depending on the GET request arguments?
0
 

Author Comment

by:sabecs
ID: 38866292
Yes Ray, that is correct.
I have php scripts that are included on the page depending on GET request arguments.

Thanks

Andrew
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question