| HTTP/HTTPS, without index.php, using htaccess, plus XHR |
[eluser]Phil_B[/eluser]
Removing index.php and forcing HTTP/HTTPS I have read many posts about people trying to force HTTPS for some views and returning to HTTP for others. I struggled with this for a while too but I think this solution is pretty solid. First of all, having your base_url automatically adjust between http and https makes everything much easier. This way all your base_url() and site_url() calls have the proper protocol. Code: $config['base_url'] = "http".((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "s" : "")."://".$_SERVER['HTTP_HOST'].str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);Starting with the usual htaccess file: Code: <IfModule mod_rewrite.c>You can then check whether HTTPS is on or not with: Code: RewriteCond %{HTTPS} offFor example, to force HTTPS on all pages you could use the following: Code: RewriteCond %{HTTPS} offTo force HTTPS on some pages: Code: RewriteCond %{HTTPS} offTo return back to HTTP: Code: RewriteCond %{HTTPS} onTo return back to HTTP on all other pages, you need to add exceptions for the pages that are secure: Code: RewriteCond %{HTTPS} offTo avoid a partially encrypted page, you need to add exceptions for any other URIs you might use such as your images or scripts folder. I like to place everything in a folder called 'static' ('static/images', 'static/js', etc) so I only add one exception for that. Code: RewriteCond %{REQUEST_URI} !(static|auth|register|secure)The finished product: Code: <IfModule mod_rewrite.c>HTTPS and XmlHttpRequests (Ajax) Not only do XHR calls throw security errors when you try to load content between domains but also between HTTP and HTTPS. Secondly, the headers passed by apache allow browsers to automatically redirect but the XmlHttpRequest object does not. To solve this you would have to add an exception for any URI that you planned on accessing from one protocol to another. Example: Code: RewriteCond %{REQUEST_URI} !(static|auth|register|secure|categories/get_list|products/get_types)I quickly found out that this became tedious and confusing when I had a lot of requests in a secure environment. Routes to the rescue! By adding the following to your routes file: Code: $route['xhr/(:any)'] = '$1';And adding ‘xhr’ to your list of exceptions; you can now call any URI within your application without changing protocols while still allowing the browser to view that controller using another protocol. Code: RewriteCond %{REQUEST_URI} !(static|xhr|auth|register|secure)I hope this has been helpful! Phil
[eluser]Unknown[/eluser]
Might be a bit late, but this is quite informative. Good post. =]
[eluser]vlad_ci[/eluser]
thank you for bumping this up -- I have not seen this post and it is exactly what I needed
[eluser]terminate[/eluser]
Phil_B's .htaccess is great and I'm an active user of it! I would just drop my two cents. If you follow the rules straight all your static content will be served non SSL which is actually good for performance but will drop a Firefox alert (not all content is encrypted) and you will not get the blue/green bar. Just a small change to make the static content, under encrypted pages, be encrypted served. Also added the [L] (last) modifier to make the server stop processing after one of the bottom two requests (should make it micro, mini, faster). Code: RewriteEngine onThanks for your code Phil_B! Frankie
[eluser]djmccormick[/eluser]
This is awesome, thank you to everyone who contributed.
[eluser]manisha[/eluser]
I tried all the rules given above. But my URL does not work under https://. I am facing 404 page not found error. RewriteCond %{REQUEST_URI} (auth|register|secure|payment) What does this line do?
[eluser]manisha[/eluser]
I have tried all the suggestions in this thread for Htaccess to remove index.php from Code Igniter URL. This rewrite rules removes index.php from URL but does not display under Secure URL. for example: http://www.mysite.com/CodeIg/MyController -- Works perfect https://www.mysite.com/CodeIg/index.php/MyController -- Works perfect But https://www.mysite.com/CodeIg/MyController -- Does not Work at all. It gives page not found server error. Then I tried adding the htaccess rules in Virtual host file... Now the Screen get displayed but without any css, js and Images included in the page. All these folder like css, images and JS are in application directory. Does anyone know why this problem is coming? REply to post would be appreciated a lot.... Thanks
[eluser]Roy MJ[/eluser]
I think the problem is with the position of your css js and other folders. It should not be inside application folder. Instead try putting it at the same position as ur system folder. To be specific just inside your public_html folder.
[eluser]Unknown[/eluser]
Doesn't work for me either. My goal is to reach the whole site ONLY via HTTPS. With the changes from the first post, I have these results: http://onnext.dev.local/index.php/home http://onnext.dev.local/home That works. https://onnext.dev.local/index.php/home https://onnext.dev.local/home That does not work. My changed htaccess(for HTTPS access) Code: <IfModule mod_rewrite.c>What am I doing wrong? Do I have to add something to the VHOST-File? What would I have to add there? Please help, Thanks Edit: Well, that seems to work now, but I does not redirect to the subfolder /onnext/ :-( Code: <IfModule mod_rewrite.c> |
| Welcome Guest, Not a member yet? Register Sign In |
