the company i.e. the hosting company

OK I think I found a solution.

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^abc.php$ [example.com...]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^def.php$ [example.com...]

BUT jdMorgan is by far the best at htaccess so any suggestions would be hugely appreciated! Thanks!

Shorter answer:

RewriteEngine on
#
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(abc|def)\.php$ https://www.example.com/$1.php [R=301,L]

But what is the question?

Jim

Sorry if I was not clear. I wanted to redirect 2 pages i.e.: booking.php and contact.php to their https versions i.e. people should not be able to access the http versions. Looks to me like you've done that. THANKS A MILLION TIMES! And how long have you been writing htaccess files for? I am SO impressed, as is everyone, it seems!

I am confused by the part in bold, as it doesn't match the code.

I need to redirect it to https and I have not included the www subdomain because the Comodo certificate only goes to e.g. [example.com...] i.e without the www.

Good point. How embarrassing! Thanks g1smd!

Hi again. I feel guilty to keep asking but I have looked into the following question before bothering you again. I would be most grateful for any help! The above issue is sorted thanks to you both.

I need all other pages in the website to redirect to their respective http urls in the event that visitors attempt to access the https urls, so for example, requests for [example.com...] and [example.com...] would redirect to http://example.com/ and http://example.com/pagename.php

:) Thanks in advance and in hope! Take care guys

---

Amongst others, I did look at the below URLs but no joy:
[webmasterworld.com ]
[webmasterworld.com ]

Less-short answer:

RewriteEngine on
#
# Redirect http requests for abc.php or def.php to https
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(abc|def)\.php$ https://www.example.com/$1.php [R=301,L]
#
# Redirect https requests for all resources except for abc.php,
# def.php, and [i]objects included on those pages[/i] back to http
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !^(abc|def)\.php$
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

The second rule is an example of one method, and works on a 'typical' site where the types of objects included on pages can be easily enumerated. It is necessary to exclude these objects to avoid getting "Mixed secure/insecure content" warnings when viewing an https page with, for example, image requests being redirected to http.

You may need to expand the list, or perhaps you can remove filetypes you don't include on your secure pages.

Jim

[edit] Corrected as noted below. [/edit]

[edited by: jdMorgan at 1:19 am (utc) on Apr 30, 2010]

Wow thanks! Sorry; just one final clarification...

I have an algorithm - the pseudocode is:

if ($https="on")
{
dynamic file paths referencing all content are all https for the page
}

else
{
dynamic file paths referencing all content are all http for the page
}

so can I skip the line:
RewriteCond $1 !\.gif|jpe?g|png|ico|css|js)$

It seems I can skip it but the opinion of a pro can't be overlooked! What I may not figure out in a few hours you might already know... Thanks so much!

From a post above:

It is necessary to exclude these objects to avoid getting "Mixed secure/insecure content" warnings when viewing an https page with, for example, image requests being redirected to http.

> dynamic file paths referencing all content are all https for the page

Not sure what that means, since filepaths cannot be HTTPS or HTTP... They are filepaths -- paths to files inside the server. URLs can be HTTP or HTTPS, but not files. This does not matter to me, but be very sure that you really are distinguishing between URLs used out on the Web and filepaths used inside your server. It is a very common mistake, for example, to include shared scripts using a URL when a filepath is what is needed. This essentially results in the server having to send an HTTP requests to itself, just to get a file that is directly-accessible in the filesystem. This adds to server load, 'exposes' the script path to the world as a URL, and is unnecessary.

Anyway, that is a side issue. If you see no "mixed secure/insecure content" warnings, then you don't need that exclusion. But you might want to comment it out instead of deleting it, in case you run into that "mixed content" problem again later because of an off-the-shelf script, template, or plug-in, for example.

Jim

THANK YOU! Amazing! Can't wait till I make some money, so I can start to donate!

OH NO!

If I use only the 4 lines of code below things work in IE, FF, Chrome and Opera. Padlocks are shown with no warnings.
RewriteEngine on
# Redirect http requests for abc.php or def.php to https
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(abc|def)\.php$ [example.com...] [R=301,L]

However, if I add the following 4 lines of code I get a 500 Internal Server Error. If I add them but comment out the "gif jpe?g... line" then they work fine in Google Chrome but the others give mixed content warnings plus IE doesn't load properly ...

# Redirect https requests for all resources except for abc.php,
# def.php, and objects included on those pages back to http
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !^(abc|def)\.php$
RewriteCond $1 !\.gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

I am totally lost as to why this is happening. I have done the obvious, such as changing example.com to the correct URL etc...

Please do you maybe know why? I am on a shared hosting linux server at Dreamhost if that helps any.

Thanks again

My typo... Sorry.

Should be:

RewriteCond $1 [b]!\.(gi[/b]f|jpe?g|png|ico|css|js)$

I'll also correct this in the post above, so no one else trips on it.

BTW, see your error log file. It will tell you that there was a problem with that regular expression in that line.

Jim

Thanks! Wow! Really appreciate this. Could I quote the htaccess code on my site if I link to your profile and/ or this page? Either way thanks

Jim

How would we handle the situation where we had:

[mysite.com...] and a few similar urls that need to remain
in https.

Hope you can help.

Less-short answer:

RewriteEngine on
#
# Redirect http requests for abc.php or def.php to https
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(abc|def)\.php$ [example.com...] [R=301,L]
#
# Redirect https requests for all resources except for abc.php,
# def.php, and objects included on those pages back to http
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !^(abc|def)\.php$
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

The second rule is an example of one method, and works on a 'typical' site where the types of objects included on pages can be easily enumerated. It is necessary to exclude these objects to avoid getting "Mixed secure/insecure content" warnings when viewing an https page with, for example, image requests being redirected to http.

You may need to expand the list, or perhaps you can remove filetypes you don't include on your secure pages.

Jim

[edit] Corrected as noted below. [/edit]

You would test QUERY_STRING with a preceding RewriteCond, and use positive and negative matches.

Thanks

Could you give me an example if possible...I need the help.

There's several thousand examples in prior posts in this forum.

I'm not being lazy, I'm trying to learn and to solve a big problem for us quickly.

I have done a lot of searching just to find the above.

I dont know if you are a natural at this but I'm not, which is why I was asking for an example if at all possible..but if not...

> [mysite.com...] and a few similar urls that need to remain
in https.

This is not a sufficiently-detailed requirements specification to code from, but for that *exact* request, the code would be something like:

RewriteEngine on
#
# Redirect http requests for abc.php or def.php to https
RewriteCond %{SERVER_PORT} !=443
RewriteCond %{REQUEST_URI}>%{QUERY_STRING} ^/(index\.php)>option=com_wrapper&Itemid=38 
RewriteRule \.php$ https://www.example.com/%1.php [R=301,L]
#
# Redirect https requests for all resources except for abc.php,
# def.php, and objects included on those pages back to http
RewriteCond %{SERVER_PORT} =443
RewriteCond $1>%{QUERY_STRING} !^(index\.php)>option=com_wrapper&Itemid=38
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

I used two different methods to resolve the currently requested URL-path-plus-query, in order to make the code more-easily extensible for those "similar URLs" you mentioned.

Jim