Hello,
I wrote a rule in my htaccess file. It appears to do what I want but wanted to make sure this was the proper way of doing it. Basically I have a checkout page, its the only page that needs to use ssl. When they go to the page all the other links to the rest of the site now link with the https, which I dont want. I want everything to link back to normal http. So instead of writing code to have some trigger to put the full http url for all the links I wrote this:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !checkout.php
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Is this a ok solution or is there a better more optimized solution?
Looks perfectly fine to me.
The only thing you could change is replace ^(.*)$ with .?
because
a) it doesn’t matter how many characters the requested URL has - so any character will do, even no character at all will do - .?
b) seeing as you don’t use it, you don’t need to create a backreference (created by the parentheses)
Please have a read of the tutorial Article linked in my signature as it has a couple of code snippets for enforcing a secure server. Be sure to read the explanation associated with the one you pick and you’ll be set. If not, come back here with questions.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} fsignup.php|login.php|edit-settings.php|edit-profile.php|forgot-pass.php
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !signup.php|login.php|edit-settings.php|edit-profile.php|forgot-pass.php
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
It works great, it redirects these listed to https and the others go to non-secure. The only problem is the non-secure ones don’t have http:// in front. Can someone help? Maybe this will help someone else as well.
First, those are NOT correct as there are no Last flags (meaning each block will be ANDed with the previous block - since the RewriteCond %{HTTPS} is either on or off, it can’t be BOTH so the redirection to http MUST FAIL. THEREFORE, each of your mod_rewrite blocks REQUIRE a Last flag. In addition, because SE’s won’t get the message (that the redirect is permanent) without the R=301 flag, even though you can see the redirection, USE the R=301 flag, too. In other words, [R=301,L] should be used at the end of each RewriteRule (after the requisite space, if you please).
Also, it would REALLY help (when I have to edit code to show a problem) to have it wrapped in the forum’s [ code ] … [ /code ]
wrapper.
Edit:
Aw, I almost didn’t see that you didn’t escape the dot characters in your regex, too! You really skimmed that thing, didn’t you?
I do appreciate your help. Its not that I’m being lazy, but that I’m not a coder and even after looking at the tutorials, I’m still somewhat clueless. I would hire someone and I did once, but after I lost my job I had to let them go, and do it all myself. I’ve taught myself enough php to get by, but this is confusing to me. Desperation is a great teacher as I am a graphic designer and printer by trade. Please help me with this last bit if you would.
The code now works in all modern browsers but chrome, and as it is google’s browser I’m a little afraid they are not seeing me right. The other browsers show http://www.doitprint.com, but chrome is still showing www.doitprint.com Please advice. I thank you for your patience.
Okay, first, I’m here as a volunteer NOT to do free coding but to help members learn. It’s the old ‘give a man a fish and he eats for a day but teach him to fish and he’ll be fed for a lifetime.’ To me, anything less is pandering to “script kiddies.”
Now, the browser does NOT make decisions about redirections on the server.
Thanks for using the [ code ] wrapper!
RewriteCond %{HTTP_HOST} !^www.doitprint.com$
RewriteRule ^(.*)$ http://www.doitprint.com/$1 [R=301,L]
[indent]That will KILL any {HTTPS} by redirecting EVERYTHING to http protocol. Because mod_rewrite loops, you're generating a loop - this block is NOT needed![/indent]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (forgot-pass\\.php|signup\\.php|login\\.php|edit-profile\\.php|edit-settings\\.php|msgToUser\\.php)$
RewriteRule .? https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
[indent]If you're not using the $1 variable, don't create it![/indent]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(forgot-pass\\.php|signup\\.php|login\\.php|edit-profile\\.php|edit-settings\\.php|msgToUser\\.php)$
RewriteRule .? http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
[indent]Ditto[/incent]
As above, REMOVE the first block as that will cause a loop.
No it won’t, it will only fire once if the domain does not match. After that the rule won’t do anything at all …
But, the rule could be a bit smarter since you don’t need to match anything at all, just use %{REQUEST_URI}:
Okay, I guess that’s correct. I was thinking about the looping through until no matches are found. So long as the https redirection retains the www, it’s good. :tup: on the .?, too! However, no need for QSA as you’re not creating a new query string (which would have killed any existing query string).
No, the $1 was removed from the :kaioken: EVERYTHING :kaioken: atom’s reference for .? => {%REQUEST_URI}.
