All geek questions in one place

How to enable https only on certain pages using htaccess?

I have an e-commerce site and I want to enable https only in the e-commerce section of the site located at https://mysite.com/buy

Since all links on my pages are relative, when someone visits http://mysite.com and clicks the Buy button, they are redirected to http://mysite.com/buy

In addition, if they visit https://mysite.com/buy and click on a link to another page, they are translated to https://mysite.com .

The reason I want https only in this section is because I have external elements (e.g. Google Maps, Youtube, Twitter, etc.) that cannot be sent via https.

Is there a way with htaccess that I can force / directory directories to force https, but every other page forces http?

Edit: In case anyone is interested, I was able to solve this using PHP. I would prefer the htaccess solution, but now this will work:

if($_SERVER['HTTPS'] == "on") { if(strpos($_SERVER['REQUEST_URI'],"buy") === false) { Header("Location: http://$_SERVER['HTTP_HOST']."".$_SERVER['REQUEST_URI']"); } }
+6
source share
3 answers

Try this in your .htaccess file:

 Options +FollowSymLinks RewriteEngine on # redirect for http /buy page RewriteCond %{SERVER_PORT} =80 RewriteRule ^buy/?$ https://mysite.com/buy [R=301,QSA,L,NE] # redirect for https non /buy pages RewriteCond %{SERVER_PORT} =443 RewriteCond %{REQUEST_URI} !^/buy [NC] RewriteRule ^/?(.*)$ http://mysite.com/$1 [R=301,QSA,L,NE]

R=301 will be redirected with https 301 status
L will make the last NE rule for the query string without escaping QSA will add your existing query parameters
NC for comparison with ignoring case

$1 - your REQUEST_URI

+6
source

I have no experience, but from what I see, it seems that the htaccess configuration file should only affect the files in the folder in which the file is stored.

So you should be able to do something like this:

http://www.besthostratings.com/articles/force-ssl-htaccess.html

And put it in the / buy folder of your site.

0
source

If your web page is hosted on port 9001 , simply enable any port in your linux window and make these changes in /etc/httpd/conf.d/ssl.conf . Then set your Listen Port to 9002 and create an SSL certificate and enter and execute the following configuration in the httpd.conf file

 Listen 9001 <VirtualHost *:9001> ServerAdmin root@localhost DocumentRoot /mnt/work/httpd <Directory "/mnt/work/httpd"> Options FollowSymLinks AllowOverride AuthConfig </Directory> SSLEngine On SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP SSLCertificateKeyFile /etc/httpd/www.test.example.com.key SSLCertificateFile /etc/httpd/www.test.example.com.crt RewriteCond %{HTTPS} off RewriteRule (.*) https://www.test.example.com:9002%{REQUEST_URI}

and your .htaccess file should look like this

 AuthType Digest AuthName "Protected" AuthDigestProvider file AuthGroupFile /dev/null AuthUserFile /mnt/work/httpd/digest_auth Require user username**
0
source

Source: https://habr.com/ru/post/886258/

More articles:


All Articles