I have an ecommerce site, and I want to enable https only on the ecommerce section of the site located at https://mysite.com/buy
Since all of the links on my pages are relative, when someone visits http://mysite.com and clicks on Buy, they are taken to http://mysite.com/buy
Also, if they visit https://mysite.com/buy and click on a link to another page, they are taken to https://mysite.com.
The reason I want https only on that one section is because I have external elements (i.e. Google Maps, YouTube, Twitter, etc.) that cannot be sent over https.
Is there a way with htaccess that I can make the /buy directory force https, but every other page force http?
Edit:
In case anyone is interested, I was able to solve this using PHP. I would still prefer an htaccess solution, but this will work for now:
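// Only act when the request arrived over HTTPS
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
    // Pages outside the buy section are sent back to plain HTTP
    if (strpos($_SERVER['REQUEST_URI'], "buy") === false) {
        header("Location: http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
        exit; // stop rendering once the redirect header is sent
    }
}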
Try this in your .htaccess file:
Options +FollowSymLinks
RewriteEngine on
# redirect for http /buy page
RewriteCond %{SERVER_PORT} =80
RewriteRule ^buy/?$ https://mysite.com/buy [R=301,QSA,L,NE]
# redirect for https non /buy pages
RewriteCond %{SERVER_PORT} =443
RewriteCond %{REQUEST_URI} !^/buy [NC]
RewriteRule ^/?(.*)$ http://mysite.com/$1 [R=301,QSA,L,NE]
R=301 will redirect with https status 301
L will make last rule
NE is for no escaping query string
QSA will append your existing query parameters
NC is for ignore case comparison
$1 is your REQUEST_URI
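A small model of the two rules above, added here as an example (not code from the answer), that runs them over constructed sample requests to show which URLs end up on which scheme. It assumes the .htaccess file sits in the document root, so RewriteRule sees the path without its leading slash; the function names and sample paths are hypothetical.

```python
import re

# Model of the two .htaccess rules (per-directory context: RewriteRule sees the
# path without its leading slash, while %{REQUEST_URI} keeps it).
def apply_rules(port, request_uri, query=""):
    """Return the redirect target, or None when no rule fires."""
    rel_path = request_uri.lstrip("/")
    suffix = "?" + query if query else ""
    # Rule 1: port 80 and the path is exactly "buy" or "buy/"
    if port == 80 and re.search(r"^buy/?$", rel_path):
        return "https://mysite.com/buy" + suffix
    # Rule 2: port 443 and REQUEST_URI does not start with /buy (case-insensitive)
    if port == 443 and not re.search(r"^/buy", request_uri, re.IGNORECASE):
        m = re.search(r"^/?(.*)$", rel_path)
        return "http://mysite.com/" + m.group(1) + suffix
    return None

def scheme_after(port, request_uri):
    """Scheme the client ends up on after following any redirect."""
    target = apply_rules(port, request_uri)
    if target is None:
        return "https" if port == 443 else "http"
    return target.split(":", 1)[0]

# Constructed sample requests (not from the original post).
SAMPLES = [
    (80, "/buy"), (80, "/buy/"), (80, "/buy/checkout"),
    (443, "/buy/checkout"), (443, "/about"), (443, "/buyers-guide"), (80, "/about"),
]

def plaintext_buy_paths():
    """Sample paths under /buy/ that are still served over plain HTTP."""
    return [uri for port, uri in SAMPLES
            if uri.lower().startswith("/buy/") and scheme_after(port, uri) == "http"]

if __name__ == "__main__":
    for port, uri in SAMPLES:
        print(port, uri, "->", apply_rules(port, uri) or "(served as-is)")
    print("served over HTTP under /buy/:", plaintext_buy_paths())
```

The run shows two edge cases worth checking before deploying: a sub-path such as /buy/checkout requested over HTTP is not upgraded because the first pattern is anchored with `$`, and an HTTPS request for any path that merely begins with /buy is left on HTTPS.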
I don't have hands-on experience, but from what I see, it looks like the htaccess configuration file should impact only the files in the folder in which the file is stored.
So you should be able to do something like this:
http://www.besthostratings.com/articles/force-ssl-htaccess.html
And put it in the /buy folder of your site.
If your web page is hosted on port 9001, just enable any port on your Linux box and make these changes in /etc/httpd/conf.d/ssl.conf. Then set your Listen port to 9002, create an SSL certificate and key, and put the following configuration in your httpd.conf file:
Listen 9001
<VirtualHost *:9001>
    ServerAdmin root@localhost
    DocumentRoot /mnt/work/httpd
    <Directory "/mnt/work/httpd">
        Options FollowSymLinks
        AllowOverride AuthConfig
    </Directory>
    SSLEngine On
    # Restrict to strong ciphers; no LOW, EXPORT or SSLv2 suites
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLCertificateKeyFile /etc/httpd/www.test.example.com.key
    SSLCertificateFile /etc/httpd/www.test.example.com.crt
    # Send any request that is not already HTTPS to the SSL port
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://www.test.example.com:9002%{REQUEST_URI}
</VirtualHost>
And your .htaccess file should look like this:
AuthType Digest
AuthName "Protected"
AuthDigestProvider file
AuthGroupFile /dev/null
AuthUserFile /mnt/work/httpd/digest_auth
Require user username