homepage Welcome to WebmasterWorld Guest from 54.205.205.47
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
mod rewrite question
https, ssl, wordpress, wmod rewrite
kmk7




msg:4251072
 9:37 pm on Jan 9, 2011 (gmt 0)

Hi,
I am wanting to secure three pages containing forms on a WordPress site. I've been told I can force SSL with modifications to my .htaccess file. I do not know how to do this.

This is the current code in my .htaccess file:


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress


I would like to secure these three pages within a website. These pages contain forms created using the Gravity Form WordPress plugin.

our-wines/order-wines/
our-wines/order-holiday-wine-gifts/
wine-club/

Can anyone tell me what code to add and where to add it to make the three pages secure? Thank you as this is new territory for me.


The website I'm working on does have an installed GoDaddy SSL.

Thanks!

Krista

 

jdMorgan




msg:4253312
 3:43 pm on Jan 14, 2011 (gmt 0)

Well, a typical solution would be like this. But it'll do you no good if you do not understand exactly what the code means at three levels: mod_rewrite directives and back-references, regular-expressions patterns, and all resulting effects on your server operation (given your site's current and future URL-space).

Without this understanding, not only will the code be impossible for you to modify, debug, and maintain, it will be positively dangerous to your server operation and search engine rankings. Therefore, I strongly suggest that you spend several hours with the references cited in our Apache Forum Charter, and with the tutorial threads in our Apache Forum Library before attempting to modify and use this code.

RewriteEngine On
RewriteBase /
#
# Redirect non-SSL requests for secure pages to HTTPS URL, fixing missing trailing slash as well
RewriteCond %{SERVER_PORT} !=443
RewriteCond $1 ^(our-wines/order-wines)/?$ [OR]
RewriteCond $1 ^(our-wines/order-holiday-wine-gifts)/?$ [OR]
RewriteCond $1 ^(wine-club)/?$
RewriteRule ^(.+)$ https://www.example.com/%1/ [R=301,L]
#
# Redirect SSL requests for non-secure objects back to HTTP,
# except for objects shared between SSL and non-SSL pages
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteCond $1 !^our-wines/order-wines/?$
RewriteCond $1 !^our-wines/order-holiday-wine-gifts/?$
RewriteCond $1 !^wine-club/?$
RewriteRule ^(.+)$ http://www.example.com/$1 [R=301,L]
#
# Redirect SSL requests for secure pages to add missing trailing slash
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 ^our-wines/order-wines$ [OR]
RewriteCond $1 ^our-wines/order-holiday-wine-gifts$ [OR]
RewriteCond $1 ^wine-club$
RewriteRule ^(.+)$ https://www.example.com/$1/ [R=301,L]
#
# Redirect non-SSL extensionless-URL requests to add missing trailing slash
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(([^/]+/)*[^./]+)$ http://www.example.com/$1/ [R=301,L]
#
# Redirect direct client requests for "/index.php" at any directory level back
# to the canonical "/" URL in that directory, preserving requested protocol
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /([^/]+/)+index\.php([?#][^\ ]*)?\ HTTP/
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(([^/]+/)*)index\.php$ http%2://www.example.com/$1 [R=301,L]
#
# Redirect non-blank, non-canonical hostname requests to canonical
# hostname, preserving requested protocol and URL-path
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(.*)$ http%2://www.example.com/$1 [R=301,L]
#
# BEGIN WordPress
# Internally rewrite requests which do not resolve to a physically-existing file or directory
# to the WordPresss script, excluding requests for objects which WP does not create/generate
# and the WP script itself from these 'exists' checks to greatly improve server efficiency
RewriteCond %{REQUEST_URI} !(^/index\.php|\.(gif|jpe?g|png|ico|css|js))$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# End Wordpress

Rule order is critical. See the thread entitled "Proper htaccess order" in our Apache Forum Library for more info.

For more information about the performance tweaks made to the WP code, see the thread "Reducing Costly Rewrites in Wordpress" in our Library.

Be sure to make a backup of this code once you get it modified and working; if you (or your host) "upgrade" or modify your WordPress installation at some time in the future, it will likely over-write this code!

Also remember to delete your browser cache (or disable it) before testing any new server-side code.

Jim

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved