Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Force HTTPS for certain controllers
Force HTTPS for certain controllers
  • El Forum
    Guest
  •  
#1
10-15-2007, 11:00 PM

[eluser]Michael Roper[/eluser]
I am trying to be able to force certain functions in my controller to only be accessed over SSL... so if they are accessed by a HTTP url, they will be redirected to the HTTPS url (with any POST data still intact)... but I only want those to be redirected, and everything else can stay on non-SSL.

here is my current .htaccess rules...
Code:
RewriteEngine On
RewriteBase /

## these were my original rules
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule ^(.*)$ index.php/$1 [L]

#### SECURE CERTAIN PAGES

## if they are already on the http site
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} secure/(register|activation|login|profile)
RewriteRule ^(.*)$ https://%{HTTP_HOST}/index.php/$1 [L]

## if they are already on the https site
RewriteCond %{SERVER_PORT} !80
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} secure/(register|activation|login|profile)
RewriteRule ^(.*)$ https://%{HTTP_HOST}/index.php/$1 [L]


#### UNSECURE THE REST

## if they are already on the http site
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !secure/(register|activation|login|profile)
RewriteRule ^(.*)$ http://%{HTTP_HOST}/index.php/$1 [L]

## if they are on the https site
RewriteCond %{SERVER_PORT} !80
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !secure/(register|activation|login|profile)
RewriteRule ^(.*)$ http://%{HTTP_HOST}/index.php/$1 [L]

it looks convoluted, but it seems to work... with the exception of the fact that the 'index.php' shows up in the url when switching between the ssl and non-ssl site.. which i dont really like..

can anyone suggest a better way to do this, or at least a way to tidy up the rules above? i'm not familiar enough with the rewrite rules to figure it out without breaking other things... also, is this something i could be doing with routes?


Messages In This Thread
Force HTTPS for certain controllers - by El Forum - 10-15-2007, 11:00 PM
Force HTTPS for certain controllers - by El Forum - 10-16-2007, 06:11 PM
Force HTTPS for certain controllers - by El Forum - 10-16-2007, 07:13 PM
Force HTTPS for certain controllers - by El Forum - 10-17-2007, 01:50 AM
Force HTTPS for certain controllers - by El Forum - 10-17-2007, 02:24 AM
Force HTTPS for certain controllers - by El Forum - 10-17-2007, 01:21 PM
Force HTTPS for certain controllers - by El Forum - 10-17-2007, 06:10 PM



Theme © iAndrew 2016 - Forum software by © MyBB