grahamgr3 Posted June 11, 2015 Share Posted June 11, 2015 I have a website that I am going to turn into a store and I am reading your book. It says that it might be best to use an ssl connection only on pages where it is needed. I don't know how to implement ssl only on specific pages. How do we do that. Right now I only know how to either add it to every page using the .htaccess file or not at all. What code do I use to only make some pages secure? Because if I only use https on some links, if I click on a page of my site that doesn't have https and then click on a page that does, my browser then makes all the other links I click on in my site use https too. Is that normal. That is also after I remove my .htaccess code that makes all pages contain https. Link to comment Share on other sites More sharing options...
Larry Posted June 13, 2015 Share Posted June 13, 2015 The easiest and safest route is to just use SSL on all pages, forcing it in your .htaccess. Otherwise, to have some pages be SSL and others not, you need to use absolute URLs so that all links go to the HTTPS or HTTP version accordingly, and then you would enforce HTTPS for certain pages in your .htaccess. Link to comment Share on other sites More sharing options...
CraneWing Posted September 6, 2015 Share Posted September 6, 2015 I am trying to do this in the tutorial for the coffee shop site. I have set up a virtual host on my computer's Apache server called clever-coffee.net. It is listening on Port 80. Where I am tripped up is going to the checkout page for the coffee shop. I wanted to do as the original poster did, which was have all pages unsecure (http) until checking out, and then go to https. I have done a lot of Googling and searcing Stack Overflow and can't find a solution to "hand off" from http to https. I thought that the .htaccess file and the Apache vhosts-httpd.conf files were the key. However, no matter what I read and tried, I can't shift to https. This is my .htaccess file: <IfModule mod_rewrite.c> Options +FollowSymLinks -Multiviews RewriteEngine On RewriteBase / # this prevents access to "html" systems folder to 403 Forbidden RedirectMatch 403 ^.*/html/index\.php$ # Check to see if user is attempting to access valid file, # such as image or css document. # If false, sends request to index.php. RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # sales: RewriteRule ^shop/sales/?$ sales.php # primary categories: RewriteRule ^shop/(coffee|goodies)/?$ /shop.php?type=$1 # specific products: RewriteRule ^browse/(coffee|goodies)/([A-Za-z\+\-]+)/([0-9]+)/?$ browse.php?type=$1&category=$2&id=$3 # For HTTPS pages: RewriteRule %{HTTPS} off RewriteRule ^(checkout\.php|billing\.php|final\.php|admin/(.*))$ https://%{HTTP_HOST}/$1 [R=301,L]</IfModule><IfModule !mod_rewrite.c> # If mod_rewrite is not installed, all 404s can be send to index.php ErrorDocument 404 /index.php</IfModule> And httpd-vhosts file: <VirtualHost *:80>DocumentRoot "/usr/docs/clever-coffee.net"ServerName clever-coffee.netServerAlias www.clever-coffee.net<Directory "/usr/docs/clever-coffee.net">AllowOverride AllRequire local</Directory></VirtualHost>NameVirtualHost *:443<VirtualHost *:443>DocumentRoot "/usr/docs/clever-coffee.net"ServerName clever-coffee.netServerAlias www.clever-coffee.netSSLCertificateFile "/private/etc/apache2/ssl/clever-coffee.net.crt"SSLCertificateKeyFile "/private/etc/apache2/ssl/clever-coffee.net.key"<Directory "/usr/docs/clever-coffee.net">AllowOverride AllRequire local</Directory></VirtualHost> Link to comment Share on other sites More sharing options...
Larry Posted September 7, 2015 Share Posted September 7, 2015 I'd first confirm that going to an HTTPS address directly works, just to determine whether this is an issue with your redirect or with your HTTPS setup. Second, keep in mind the .htaccess file is just supposed to prevent accidental non-secure access to certain pages. Your HTML should use HTTPS in the links to those pages. Link to comment Share on other sites More sharing options...
Recommended Posts