scanreg Posted June 10, 2012 Share Posted June 10, 2012 I need to force SSL on some subdirectories and on some specific pages in a shopping system The specific pages might be static but they also might be dynamically created through the shopping system I found the following htaccess code to force ssl for an entire domain: http://wiki.dreamhost.com/Htaccess_file_overview SSLOptions +StrictRequire SSLRequireSSL SSLRequire %{HTTP_HOST} eq "site.com" #or www.site.com ErrorDocument 403 https://site.com 1. How can I get this to cover both http://site.com and http://www.site.com ? Should I just add a dot in front of the domain?: SSLOptions +StrictRequire SSLRequireSSL ###SSLRequire %{HTTP_HOST} eq "site.com" #or www.site.com SSLRequire %{HTTP_HOST} eq ".site.com" #or www.site.com ErrorDocument 403 https://www.site.com 2. How can I get this to cover the specific dynamically generated shopping cart pages that I need? Not all cart product pages, just several specific ones. I'm guessing this would be some sort of Rewrite feature in the htaccess file. I found the following: http://www.phpfreaks.com/forums/index.php?topic=320065.msg1508331#msg1508331 RewriteEngine On # Send everyone in these dirs and pages to https RewriteCond %{HTTP_HOST} ^www\.somewebsite\.com$ [NC] RewriteCond %{REQUEST_URI} clubs [OR,NC] RewriteCond %{REQUEST_URI} dealer/ [OR,NC] RewriteCond %{REQUEST_URI} login.html [OR,NC] RewriteCond %{REQUEST_URI} dealer_registration.html [OR,NC] RewriteCond %{REQUEST_URI} club_registration.html [OR,NC] RewriteCond %{REQUEST_URI} contact.html [OR,NC] RewriteCond %{REQUEST_URI} dealer_club_contact.html [OR,NC] RewriteCond %{REQUEST_URI} members [OR,NC] RewriteCond %{REQUEST_URI} secure/ [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA] However, is there a way to force ssl for specific dynamic product pages in a shopping cart using SSLRequireSSL instead of mod_rewrite? According to the first thread mentioned, Apache gives mod_ssl priority over mod_rewrite, thus the interest in forcing all SSL using htaccess and mod_ssl Thanks Quote Link to comment https://forums.phpfreaks.com/topic/263948-force-ssl-using-htaccess-specified/ Share on other sites More sharing options...
kicken Posted June 10, 2012 Share Posted June 10, 2012 1. How can I get this to cover both http://site.com and http://www.site.com ? Should I just add a dot in front of the domain?: If I am understanding the manual entry for SSLRequire you should be able to do the following check to allow for both www.site.com and site.com. You could extend it for any sub domain if you wanted as well by altering the regex SSLRequire %{HTTP_HOST} =~ m/(www\.)?site.com$/ 2. How can I get this to cover the specific dynamically generated shopping cart pages that I need? Not all cart product pages, just several specific ones. I'm guessing this would be some sort of Rewrite feature in the htaccess file. I found the following: If possible, it might be easier to keep everything that needs to be over SSL in the same sub-directory and just require ssl for that directory. Perhaps someone a bit more familiar with rewriting could provide some rewrite based options. Another thing you could do is just force everyone to use SSL for the entire site rather than try and pick-n-choose just specific pages. Quote Link to comment https://forums.phpfreaks.com/topic/263948-force-ssl-using-htaccess-specified/#findComment-1352716 Share on other sites More sharing options...
scanreg Posted June 11, 2012 Author Share Posted June 11, 2012 2. How can I get this to cover the specific dynamically generated shopping cart pages that I need? Not all cart product pages, just several specific ones. I'm guessing this would be some sort of Rewrite feature in the htaccess file. I found the following: If possible, it might be easier to keep everything that needs to be over SSL in the same sub-directory and just require ssl for that directory. Perhaps someone a bit more familiar with rewriting could provide some rewrite based options. Another thing you could do is just force everyone to use SSL for the entire site rather than try and pick-n-choose just specific pages. I wish I could (1) have a secure directory to store those items in but no luck, gotta rely on the dynamic shopping cart pages for those items and (2) run the whole site via SSL, but no luck, gotta have a non-ssl home page and the generic info pages and most product pages Here is an example of the dynamic item page URL: http://www.mysite.com/index.php?main_page=product_info&cPath=22&products_id=34 Think I could do something like this? : SSLOptions +StrictRequire SSLRequireSSL ###SSLRequire %{HTTP_HOST} eq "site.com" #or www.site.com ###SSLRequire %{HTTP_HOST} =~ m/(www\.)?site.com$/ SSLRequire %{HTTP_HOST} =~ m/(www\.)?site.com/index.php?main_page=product_info&cPath=22&products_id=34$/ ErrorDocument 403 https://www.site.com/403.shtml However, sometimes there is a session id on the end too, not sure how to allow the session id, which changes per user Thanks Quote Link to comment https://forums.phpfreaks.com/topic/263948-force-ssl-using-htaccess-specified/#findComment-1352998 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.