Is it ok to enforce non-secure connection?

hessodreamy · September 9, 2010, 10:20am

I have an e-commerce site which switches to a https connection when a user goes to the shopping cart and starts inputting personal details.

I would like any traffic that is NOT for the shopping cart to go through http, even if the request https. So for example, a request to https://myhomepage.php would be 301 to http://myhomepage.php.

The use of https on, for example, my homepage has lead to certain issues, such as duplicate entries in the google index, and ‘mixed content’ errors calling non secure 3rd party content. All of which are solvable in their own way, but forcing a non https connection would solve them too.

Anyone see any problem with this?

hessodreamy · September 9, 2010, 11:11am

Yeah that’s basically what I was talking about. Any https request to a page which doesn’t need to be https -> 301 to http. The converse (301 http to https) is already done in the user input section.

I couldn’t see a problem with it, but wanted a second opinion.

smftre · September 9, 2010, 10:53am

I think you should just 301 force everything to the http and only keep the user input on the https, you could do a simple header location change and keep the uri and etc intact while redirecting.

You might also want to log into Google Webmaster Tools and adjust the crawl rate to get rid of those duplicated entries.

Topic		Replies	Views
Https continuing on to non https pages Server Config	2	619	April 29, 2011
HTTPS for transaction pages, HTTP for everything else Server Config	2	360	December 9, 2011
Force https using htaccess Server Config	15	1293	February 8, 2011
Help redirecting to HTTPS connection on certain urls Server Config	1	504	November 23, 2011
When to use https Business ecommerce	18	2280	February 23, 2006

Is it ok to enforce non-secure connection?

Related topics