SSL setup

[andy1212]

I just purchased an SSL cert and dedicated IP and the way I set it up before was that I'd put this code at the top of each page,

 

for non https pages:

if ($_SERVER['SERVER_PORT']!=80) {
   $url = "http://".$_SERVER['SERVER_NAME'].":80".$_SERVER['REQUEST_URL'];
   header('Location: $url');
}

for https pages

if ($_SERVER['SERVER_PORT']!=443) {
   $url = "http://".$_SERVER['SERVER_NAME'].":443".$_SERVER['REQUEST_URL'];
   header('Location: $url');
}

So doing that before was a big job because I had to go into every page add the code at the top and then save and upload to the server and now when trying to do that it doesn't seem to be working properly. But I did some searching and alot of people say that you don't need to set it up with any pages it needs to be setup on the server, so I really want to know how to do it that way. I couldn't find a tutorial on how to do this but If someone knows of one or knows how to accomplish setting up the SSL cert with a website and can give me steps on how that would be great. Pretty much I just want to have the login, register, forgot pass, account and shopping cart pages to all start with https and show that the pages are secured with the key or box in the url bar of the browser and all my backend pages to have that too and all the other pages just have http. Thanks for your time and help in advance.

Edited July 23, 2013 by andy1212

[andy1212]

... cricket, cricket

[trq]

Google returned 444000 results for me searching the term "apache redirect all traffic to https". Are none of these useful?

[andy1212]

well i don't want to redirect all traffic to https just some pages I'd like to change from http to https when viewed. Can that be don't through apache redirect?

[andy1212]

would the https pages need to be in a seperate folder or can this be done without putting the pages that I want https in a separate folder but instead in the same place as http pages. btw thanks for the reply!

Edited July 23, 2013 by andy1212

[kicken]

It'd make it much easier if you isolate them to their own folder, as then you could just apply a blanket rule to all pages in that folder.

 

You could however do it on a page-by-page basis if you really need to by including extra conditions in your mod_rewrite rules.

[andy1212]

hey thanks for the reply, I ended up putting them in their own folder and I'll do the apache redirect for that folder. Thanks!

 

I tried marking you both as solved but didn't work, only would let me mark one.

Edited July 23, 2013 by andy1212

[trq]

Why would you want some content served with https and some with http? Just serve everything via https.

[andy1212]

Because i dont want the whole website encrypted and decrypted and slowed down on the account of https, i just want pages where sensitive information is transfered to be https.

[andy1212]

For instance if you go to google search its an http page with no ssl encryption. Then if you go to gmail.com to login it is https and ssl encrypted. And thats the way alot of successful websites do it so there must be a reason behind it and the best reason ive found is because of the speed with https and http.

Edited July 23, 2013 by andy1212

[kicken]

SSL is not going to significantly slow down your site, and having it always on makes for a nice re-assurance to end users. Google is always-on SSL, so is Facebook. They both do that because the realized it's silly to try and only use SSL for certain pages, and easier to just have it always on. I've setup my own site to be always-on SSL as well for the same reason.

 

End users like seeing that SSL is enabled and their traffic is encrypted. Enabling it always is going to make users feel safer on your site.

[trq]

For instance if you go to google search its an http page with no ssl encryption. Then if you go to gmail.com to login it is https and ssl encrypted. And thats the way alot of successful websites do it so there must be a reason behind it and the best reason ive found is because of the speed with https and http.

Google and Gmail are two different sites. Most successful websites have moved entirely to https. Looks at facebook, twitter and github.

 

As kicken said, "SSL is not going to significantly slow down your site" & "End users like seeing that SSL is enabled and their traffic is encrypted. Enabling it always is going to make users feel safer on your site."

[andy1212]

Awesome! I ended up putting all pages that need the https:// in the url in their own directory called "secure" and putting in the .htaccess file,

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/secure/?.*$
RewriteRule ^(.*)$ https://www.website.com/$1 [R=301,L]

Now if it's not too much trouble, can I direct you guys over to this thread where I really need help, this issue here wasn't to hard to figure out but the real problem is here, and started a new thread to see if there is a better way to do it here. Thanks!