Force https using htaccess

Hi Guys!

I wasn’t sure where to post this - i’m not convinced this is the right place :confused:

Anyway, what I need to do is force a secure connection (https) on the following pages: checkout.php, login.php, myaccount.php.

All other pages should be forced to a http connection.

Any ideas how to do this using mod_rewrite?


RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^checkout\\.php
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I’ll leave the addition of both login.php and checkout.php as an exercise to you :slight_smile:

Hi ScallioXTX,

Unfortunately, the above code doesn’t seem to work for me. Don’t get any errors, but it just doesn’t send the user to https when they request a http url.

Did you request checkout.php?
That’s the only URL it currently works for :slight_smile:

Yes I requested http://www.mydomain.com/checkout.php

Ah yes there should be a / in front of checkout.php
My bad


RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^/checkout\\.php
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

:slight_smile:

Perfect that works now thanks :slight_smile:

The only other thing is that when they click on another link it stays as a https connection. Is there a way so that when a user clicks any other url that the ones specified it goes back to a http connection?

Thanks

If you put a ! in front of ^/checkout\.php that negates the statement. i.e., it means “if the request_uri is not checkout.php”

With that information you should be able to come up with the answer to your question. If not, let me know :slight_smile:

Would it be something like this?

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^/checkout\\.php
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_URI} !^/checkout\\.php
RewriteRule .? http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Yes :Partier:

Just as I tip: I always leave a blank line after every RewriteRule, makes it easier to read the .htaccess


RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^/checkout\\.php
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{REQUEST_URI} !^/checkout\\.php
RewriteRule .? http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Hehe, oops, there seems to be a slight problem with my code. Error I get in Firefox:

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Ah yes, you need to check that HTTPS is on in the second block, otherwise it’s LOOPY:


RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^/checkout\\.php
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/checkout\\.php
RewriteRule .? http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

:slight_smile:

For some reason when I add a new condition, it breaks and doesn’t seem to work. See below.


RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^/checkout\\.php
RewriteCond %{REQUEST_URI} ^/login\\.php
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteConds are ANDed together by default, so your code is now saying: request_uri equals checkout.php AND request_uri equals login.php
Since request_uri only has one value this can never be the case.

Instead, you’d need to change the regular expression:


RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^/(checkout|login)\\.php
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Thanks, that works good now. Only thing is all of the background images (in the css file) cause FireFox to say that the connection is not secure (when using https). I.e. the background images are on a http connection. Any idea what would cause this problem? I believe it’s probably got something to do with one of those rules…

Ps. I am using relative links in my css file.

Yes the second rule is rewriting images and other assets to http instead of https. You’d need to add another RewriteCond to prevent that.