Forum Moderators: phranque
I am trying to figure out how to get .htaccess to put certain areas of my site in to [....] I already ahve the SSL cert installed and on a dedicated IP.
For example I want my entire admin area to go to SSL. mysite.com/admincp/
Then I want certain pages like mysite.com/register.php to go to SSL. Then there are account pages that I would like as well.
Then I need it to go back to http:// when the user leaves thoughs pages to other areas of the site
Any help on this please.
You will need a second set of directives to force http if the URL-path does NOT start with "/admincp" and is NOT /register.php (or any of your other specific SSL files) and the current server_port is not already port 80.
You can do this in various ways, for example, using <Directory> containers in separate SSL/non-SSL <VirtualHost> containers in your server configuration file(s), or using mod_rewrite in .htaccess files.
Basically, you'll need a list of all SSL-only directory URL-paths, plus the all of the special SSL-only page URL-paths such as your register.php page. Switch to https for any of those, and back to http if none of those.
In addition, all objects 'shared' between SSL and non-SSL pages will need to be accessible with either protocol, so that you don't get 'mixed secure and insecure content' warnings. Typically, these include logo and page-template images, CSS files, and external JavaScript files. The easiest way to do this is to link to or include those objects using page-relative or server-relative URLs on your pages, so that the protocol and domain are not specified in the links and therefore stay 'as they were' when the page was loaded.
We have many previous threads here on redirecting between SSL/https and non-SSL/http. Try searching [webmasterworld.com] for those words. Add port 80 and 443 to the search terms if you want to narrow down the results a bit more.
Please review the results, see the references in our Apache Forum Charter and post your best-effort code as a basis for further discussion.
Jim
RewriteEngine On
#
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} admincp
RewriteRule ^(.*)$ https://www.example.com/admincp [R,L]
#
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} /register.php
RewriteRule ^(.*)$ https://www.example.com/register.php [R,L]
#
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} /account.php
RewriteRule ^(.*)$ https://www.example.com/account.php [R,L]
[edited by: jdMorgan at 3:06 am (utc) on April 15, 2009]
[edit reason] Changed to example.com, fixed formatting. [/edit]
RewriteEngine On
# Redirect non-https requests for SSL-only URL-paths to https
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} ^/(admincp/?¦register\.php$¦account\.php$)
RewriteRule ^(.+)$ https://www.example.com/$1 [R=301,L]
#
# Redirect https requests for non-SSL URL-paths to http
RewriteCond %{SERVER_PORT} !^80$
RewriteCond %{REQUEST_URI} !^/(admincp/?¦register\.php$¦account\.php$)
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
Replace the broken pipe "¦" characters with solid pipe characters before use; Posting on this forum modifies the pipe characters.
Jim
