How do I enable https only on certain pages with h

2019-03-28 11:02发布

站内问答 / 前端开发
1580 3 4

I have an ecommerce site, and I want to enable https only on the ecommerce section of the site located at https://mysite.com/buy

Since all of the links on my pages are relative, when someone visits http://mysite.com and clicks on Buy, they are taken to http://mysite.com/buy

Also, if they visit https://mysite.com/buy and click on a link to another page, they are taken to https://mysite.com.

The reason I want https only on that one section is because I have external elements (i.e. Google Maps, Youtube, Twitter, etc) that cannot be sent over https.

Is there a way with htaccess that I can make the /buy directory force https, but every other page force http?

Edit: In case anyone is interested, I was able to solve this using PHP. I would still prefer an htaccess solution, but this will work for now:

if($_SERVER['HTTPS'] == "on") {
    if(strpos($_SERVER['REQUEST_URI'],"buy") === false) {
        Header("Location: http://$_SERVER['HTTP_HOST']."".$_SERVER['REQUEST_URI']");
    }
}

3条回答
Emotional °昔
2楼-- · 2019-03-28 11:27

Try this in your .htaccess file:

Options +FollowSymLinks
RewriteEngine on

# redirect for http /buy page
RewriteCond %{SERVER_PORT} =80
RewriteRule ^buy/?$ https://mysite.com/buy [R=301,QSA,L,NE]

# redirect for https non /buy pages
RewriteCond %{SERVER_PORT} =443
RewriteCond %{REQUEST_URI} !^/buy [NC]
RewriteRule ^/?(.*)$ http://mysite.com/$1 [R=301,QSA,L,NE]

R=301 will redirect with https status 301
L will make last rule
NE is for no escaping query string
QSA will append your existing query parameters
NC is for ignore case comparison

$1 is your REQUEST_URI

查看更多
0人赞 添加讨论(0) 举报
倾城 Initia
3楼-- · 2019-03-28 11:29

I don't have hands on experience, but from what I see, it looks like the htaccess configuration file should impact only the files in the folder in which the file is stored.

So you should be able to do something like this:

http://www.besthostratings.com/articles/force-ssl-htaccess.html

And put it in the /buy folder of your site.

查看更多
0人赞 添加讨论(0) 举报
太酷不给撩
4楼-- · 2019-03-28 11:30

If your web page is hosted on 9001 port just enable any port on your linux box and make these changes in /etc/httpd/conf.d/ssl.conf.Then set your Listen Port to 9002 and create SSL certificate and key and put following configuration in your httpd.conf file 

Listen 9001
<VirtualHost *:9001>
ServerAdmin root@localhost
DocumentRoot /mnt/work/httpd
<Directory "/mnt/work/httpd">
Options FollowSymLinks
 AllowOverride AuthConfig
</Directory>
  SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateKeyFile /etc/httpd/www.test.example.com.key
SSLCertificateFile /etc/httpd/www.test.example.com.crt
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.test.example.com:9002%{REQUEST_URI}

and your .htaccess file should look like this 

AuthType Digest
AuthName "Protected"
AuthDigestProvider file
AuthGroupFile /dev/null
AuthUserFile /mnt/work/httpd/digest_auth
Require user username**
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)