homepage Welcome to WebmasterWorld Guest from 54.205.119.163
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
cpu and ssl, only some pages with ssl
helenp




msg:4524208
 8:54 pm on Dec 1, 2012 (gmt 0)

Hi,
I have just bought a ssl certificate, and not sure if true, but I think I read that pages https take more cpu than normal http.
I am on a shared host, and considering the cpu and if searchengines see https diferent as http, Im not sure if I should serve all pages or only some as https.

I think only on some but the problem is how, I suppose I would have to do a redirection from http to https, but does that work if the person instead of finishing the purchase and leave the site, goes to another page that is no suppse to be https.

Any thoughts?

 

dmorison




msg:4525314
 1:44 pm on Dec 5, 2012 (gmt 0)

Hi Helen,

It's certainly true that an https page will take more cpu to serve than an unencrypted page - by how much or how significantly and at what level of traffic it could become an issue is difficult to quantify but it's straight forward to ensure that only parts of your website are served as https if required.

A common set-up is that www.example.com is entirely http only, with a secure customer area running on a sub-domain e.g. customer.example.com that is entirely https only.

However if you're not using sub-domains you can still ensure that only some of your pages are served using https using .htaccess rules.

Let's say you have a shopping cart script running inside the sub-directory /cart/ of your website, and you want to ensure that it is only accessed over https, you could add the following to your top level .htaccess


RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/cart
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{REQUEST_URI} ^!/cart
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}


However, that only serves as a fall-back - it's still important with something like the above in place that all links between the http and https parts of your site are host absolute, e.g. a link from the home page to view basket might be


<a href='https://www.example.com/cart/mybasket.php'>My Basket</a>


...and similarly any links out from https pages back to non https must also be host absolute e.g.


<a href='http://www.example.com/'>Home</a>


From a code bulk / page size point of view it might not be desirable to have every link in, say, your common header and footer to be host absolute but if this happens to be PHP (similar methods would be possible in any other scripting language) a common header script that was included on both http and https pages could be made to include the host only on https pages, using for example:


<?php
// add this at the top of the script for efficiency rather than doing the full test every link!
$isHTTPS = (isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] != "") && ($_SERVER["HTTPS"] != "off"));
?>
<a href='<?php print ($isHTTPS?"http://www.example.com":""); ?>/about-us.php'>About Us</a>


Hope this helps!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved