Jump to content

SSL rewrite keeps looping.


deansatch

Recommended Posts

I am trying to force shared SSL on a specific page using htaccess but no matter what I try I keep getting a redirect loop

 

I want visitors to:

 

http://user.mydomain.com/securepage.php

 

to be forced to:

 

https://sharedssl.com/mydomain.com/user/securepage.php

 

Does anyone know a good way to do this? I will have a couple more pages that need to follow this rule as well i.e. securepage2.php and securepage3.php

 

EDIT: I don't want to have to specify the subdomain in my rewrite as this will probably be gone on the final site and I want it to work with or without www.

e.g. I would prefer something like:

^securepage.php etc....

 

Link to comment
https://forums.phpfreaks.com/topic/193764-ssl-rewrite-keeps-looping/
Share on other sites

That's spot on, thanks!

 

If I were to add a few more files, is there a cleaner way than writing that for each one?

 

i.e.

 

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} securepage\.php
RewriteRule .* https://sharedssl.com/mydomain.com/user/securepage.php

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} securepage2\.php
RewriteRule .* https://sharedssl.com/mydomain.com/user/securepage2.php

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} securepage3\.php
RewriteRule .* https://sharedssl.com/mydomain.com/user/securepage3.php

You can try using an optional character class:

 

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} securepage[23]?\.php
RewriteRule securepage([23]?)\.php https://sharedssl.com/mydomain.com/user/securepage$1.php

 

That should mean "securepage; followed by an optional 2 or 3; followed by .php"

Thanks for that - works great!

 

A new problem now though. My ssl certificate doesn't show up if I arrive at the page from one page but it does from another.

 

e.g.

if I am at http://site.com/page/home with the link "/securepage.php" it takes me there and changes to https://etc... but no certificate is shown and clicking on the padlock tells me that some items are not secure.

 

if I am at http://site.com/index.php with the same link "/securepage.php" it takes me there and changes to https:// etc... and the padlock is fine, the certificate shows in the address bar etc.. all perfect.

 

Any ideas what is going on?

When it says some items are not secure, that usually occurs because the page itself is delivered over https but some of the images, javascript, css, or other files are still delivered over http.

 

You can use FireBug in FireFox to figure out which resources are being delivered via HTTP on the HTTPS page.  Chances are you have absolute links or references in your pages that begin with http://

The file paths are all fine - most of which are relative. I forgot to mention that in the first example, when it says some items aren't secure, if I click refresh, it is fine. It only does this when landing on the page from that referring page, but if I come from the other referring page it is 100% securely loaded.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.