Archive

Posts Tagged ‘users’

Forcing ssl to particular page and non-ssl to other pages

March 14th, 2013 2 comments

In projects we may need to make sure some of the urls are only accessible from ssl (https). It’s really useful for user sections. And rest of the url should browse from non-ssl (http) link. It can be done with a small htaccess rules.

Here is htaccess hack to do:

#SSL for some pages
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_FILENAME} !index\.php$ [NC]
RewriteCond %{REQUEST_URI} ^/(signin|signup|account) [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

In this block we are checking for ssl off and some url, if match we redirect the user to same url in ssl version.


#SSL off for some pages
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_FILENAME} !index\.php$ [NC]
RewriteCond %{REQUEST_URI} !^/(signin|signup|account) [NC]
RewriteCond %{REQUEST_URI} !^/(api) [NC] #allow this url from both ssl and non-ssl
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

In this block we are checking for ssl on and some url, if match we redirect the user to same url in non-ssl version. Here u may notice we are using a extra check ( RewriteCond %{REQUEST_URI} !^/(api) [NC] ) , it’s because in project we may need some url those accisable from both ssl and non-ssl.

53 queries in 0.192 seconds