I have done a bunch of looking on how to do this and none of them made much sense. Is there someone that can guide me to a place where I can figure out how to do this. I just added https to my website so I have both a http and https site. I wanted to start using the form in https , but have no problem with using the whole site https but how do I direct users looking for http to the https site ?
If the form is loading in HTTP and submits to HTTPS, this isn’t as secure as loading both in HTTPS, but better than not loading either in HTTPS. What exactly is the problem, though? As long as the form has action=“https://www.domain.com/formpage.php”, it should submit via HTTPS.
Depending upon what language you’re using, there are a variety of ways that you can load all pages of the site via HTTP except the form page and the form-action page (if different from form page).
The US Government recently declared that all federal websites should load all pages via HTTPS no later than 31 DEC 2016. This is a secure idea, but loading EVERY page through TLS/SSL (HTTPS) is high overhead. But, again, you can write code that will make sure that every page loads HTTPS using a redirect to the same page if the protocol is HTTP.
HTH,
UPDATE: It did just occur to me - if the site is loading via SHARED hosting and is using shared SSL (which points to the domain of the hosting service, not your domain), there there could be issues as some browsers (esp IE) will point out to the user that the connection is encrypted, but could be a spoof as the cert is not for that domain. Just my $0.03582 worth.
On my site i have a bit of htaccess code which will redirect any http requests to https for specific folders (i have a folder for my forms). if you want to try it i can copy it out for you
That would be great.
here you go…
I can’t claim to have written this so thanks to the people that did. It’s mostly the top bit you want but i left in the bit of code i also use for being able to get rid of .php extension (Although it will need fastcgi to run) so you can just do example.com/form rather than example.com/form.php. It also keeps any variables so you can still do example.com/form?var=example. hope that works for you
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} yourfolder
RewriteRule ^(.*)$ https://www.example.com/yourfolder/$1 [R,L]
# If a script is called without .php extension, but with /variables
RewriteCond %{REQUEST_FILENAME}.php -f
#RewriteRule ^([a-zA-Z0-9\._-]*)?/(.*)$ $1.php [QSA,E=PATH_INFO:/$2,L]
RewriteRule ^([a-zA-Z0-9\._-]*)?/(.*)$ $1.php/$2 [QSA,E=PATH_INFO:/$2,L]
# If a script is called without .php extension, and without /variables
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)$ $1.php [QSA,L]
# Fix PHP Authentication with FastCGI mode
RewriteCond %{HTTP:Authorization} !''
RewriteRule .*php - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.