Hi,
this is yet another .htaccess question. And I already did my literature review. Would appreciate any help.
Requirements:
- Force HTTPS only for a few URLs.
- Browser shouldn't say partially encrypted page for SSL pages.
I am using CodeIgnitor and tweaked the *base_url* in config.php to:
$config['base_url'] = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 'https://' : 'http://' ;
$config['base_url'] .= $_SERVER['HTTP_HOST'];
$config['base_url'] .= preg_replace('@/+$@','',dirname($_SERVER['SCRIPT_NAME'])).'/';
So, if a URL is accessed with https:// all links contained in it would also be on HTTPS this is to avoid "partially encrypted page" issue.
I started with the following htaccess code:
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)/(abc|xyz|pqr)(.*)$ https://%{HTTP_HOST}/cart/$2$3 [R=301,NC,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^(.*)/(abc|xyz|pqr)(.*)$ [NC]
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]
With this any URL having abc, xyz or pqr will be redirected to HTTPS and any URL not having it will be forced back to HTTP.
This worked well, the only issue with this is that it is not able to avoid "partially encrypted page" issue. For example if I go for url http://www.example.com/abc/index.php, it will be redirected to https://www.example.com/abc/index.php. But the links on this page say https://www.example.com/images/logo.png, will be changed to HTTP because of the latter rewrite rule. Thereby making the page partially encrypted.
I also tried adding *http_referer* check like this to solve this issue, but obviously that wont solve the issue. Because any clicks coming from a HTTPS page would never get converted to HTTP.
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)/(abc|xyz|pqr)(.*)$ https://%{HTTP_HOST}/cart/$2$3 [R=301,NC,L]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_REFERER} !^(https)(.*)$
RewriteCond %{REQUEST_URI} !^(.*)/(abc|xyz|pqr)(.*)$ [NC]
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]
Just want to know if there's a better approach available to this simple problem or am I doing it the wrong way. Will using CI hooks instead of .htaccess solve this?
Thanks in advance