Rewrite https to http for non-secure pages

New to mod_rewrite? This is a good place to start.

Rewrite https to http for non-secure pages

Postby chaosn » Fri Jul 24, 2009 7:59 am

Hi,

I'm trying to rewrite https to http for the non-secure pages of my site to prevent the users from receiving a "This page contains secure and non-secure items" pop-up warning. The store section of the site is the only part that needs to be https/secure.

Here's what I have so far:

RewriteCond %{SERVER_PORT} ^443$
#RewriteRule !^(index\.php\?option=com_wrapper&view=wrapper&Itemid=42)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

So what I think this should do is if the link has https and does not have "index\.php\?option=com_wrapper&view=wrapper&Itemid=42" then it should rewrite as http.

Currently, it rewrites all URLs to http. Even the store pages which use to be https.

Maybe there's a problem with my regular expression?

Any help would be greatly appreciated.

Thanks!
chaosn
 
Posts: 2
Joined: Fri Jul 24, 2009 7:57 am

Postby richardk » Fri Jul 24, 2009 12:54 pm

Query strings are matches with RewriteConds and the %{QUERY_STRING} variable.

Try
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/index\.php$ [NC,OR]
RewriteCond %{QUERY_STRING} !^(.*&)?option=com_wrapper(&.*)?$ [NC,OR]
RewriteCond %{QUERY_STRING} !^(.*&)?view=wrapper(&.*)?$ [NC,OR]
RewriteCond %{QUERY_STRING} !^(.*&)?Itemid=42(&.*)?$ [NC]
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby chaosn » Mon Jul 27, 2009 6:45 am

Thanks! That successfully rewrote the url from https to http for non-secure pages.

Do you know of anyway to transfer everything over https when on a secure (say ecommerce page) page to prevent IE from displaying the pop-up warning saying "you have secure and non-secure elements on this page. do you want to continue?"

Is it something I need to do within my .htaccess file?

Thanks again.
chaosn
 
Posts: 2
Joined: Fri Jul 24, 2009 7:57 am

Postby richardk » Mon Jul 27, 2009 8:32 am

If the links in the page do not include the domain they will use the current protocol. The mod_rewrite will need changing to
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{SERVER_PORT} ^443$
# And the referer is not empty or from https://
RewriteCond %{HTTP_REFERER} !^(https://.+)?$ [NC]
RewriteCond %{REQUEST_URI} !^/index\.php$ [NC,OR]
RewriteCond %{QUERY_STRING} !^(.*&)?option=com_wrapper(&.*)?$ [NC,OR]
RewriteCond %{QUERY_STRING} !^(.*&)?view=wrapper(&.*)?$ [NC,OR]
RewriteCond %{QUERY_STRING} !^(.*&)?Itemid=42(&.*)?$ [NC]
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Beginner's Corner

Who is online

Users browsing this forum: No registered users and 33 guests

cron