Force users to use SSL for a specific dir

Forum Moderators: phranque

Message Too Old, No Replies

Force users to use SSL for a specific dir

pjdelsh007

2:09 pm on Mar 10, 2008 (gmt 0)

How can I restrict users to SSL for a specific directory?

I want to permit SSL only to [mydomain.com...] and block non-SSL to [mydomain.com...]

I've tried these in both http.conf and .htaccess but with no luck.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} !^https
RewriteRule ^index.html$ [mydomain.com...] [R,L]

RewriteEngine On
RewriteRule ^/$ /index.html
RewriteCond %{SERVER_PORT}!443$
RewriteRule ^(.*) [mydomain:443$1...] [R=301,L]

Platform:
Win2K3 SP2
Apache 2.2
Tomcat 6 (with mod_jk)

jdMorgan

2:25 pm on Mar 10, 2008 (gmt 0)

If you want to take action only when a resource in /directory1 is requested, then the ruleset must check for /directory1:


RewriteEngine on
RewriteCond %{SERVER_PORT} !443$
RewriteRule ^/?(directory1/.*) https://www.example.com/$1 [R=301,L]

There are several other ways to do this, especially if you have access to httpd.conf. The method above is simply the shortest example.

Flush your browser cache before testing. If you put the code in httpd.conf, then restart your server before testing. This code should work in htppd.conf or in example.com/.htaccess.

Jim

pjdelsh007

7:26 pm on Mar 12, 2008 (gmt 0)

Thanks Jim.

What does [R=301,L] vs. [L,R] do?

If this is a dumb Q, please direct me to the documentation. Thanks again.

-PJ

jdMorgan

11:35 pm on Mar 12, 2008 (gmt 0)

Not a dumb question at all, but something to be researched [google.com], rather than asked here... :)

See also the documents cited in our forum charter, and the examples in threads in our forum library.

Jim