Home > Apache, htaccess, Programming, Programming Help > Forcing ssl to particular page and non-ssl to other pages

Forcing ssl to particular page and non-ssl to other pages

In projects we may need to make sure some of the urls are only accessible from ssl (https). It’s really useful for user sections. And rest of the url should browse from non-ssl (http) link. It can be done with a small htaccess rules.

Here is htaccess hack to do:

#SSL for some pages
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_FILENAME} !index\.php$ [NC]
RewriteCond %{REQUEST_URI} ^/(signin|signup|account) [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

In this block we are checking for ssl off and some url, if match we redirect the user to same url in ssl version.


#SSL off for some pages
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_FILENAME} !index\.php$ [NC]
RewriteCond %{REQUEST_URI} !^/(signin|signup|account) [NC]
RewriteCond %{REQUEST_URI} !^/(api) [NC] #allow this url from both ssl and non-ssl
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

In this block we are checking for ssl on and some url, if match we redirect the user to same url in non-ssl version. Here u may notice we are using a extra check ( RewriteCond %{REQUEST_URI} !^/(api) [NC] ) , it’s because in project we may need some url those accisable from both ssl and non-ssl.


Views :1847
  1. June 21st, 2013 at 11:41 | #1

    This is very good article. Author chosen a good topic.

  2. July 9th, 2013 at 12:13 | #2

    Just want to say thank you, help me alot.

  1. No trackbacks yet.

%d bloggers like this:
61 queries in 2.803 seconds