.htaccess to force http using https and still get rid off index.php etc. |
[eluser]searain[/eluser]
I googled, to force the whole site using https. I can add these lines in .htaccess RewriteEngine On RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} But in CodeIgniter, we already use RewriteEngine on RewriteCond $1 !^(index\.php|images|robots\.txt) RewriteRule ^(.*)$ /index.php/$1 [L] To get rid of the index.php in url. How can we merge these two requests together to have a .htaccess rewrite rules which will get rid off index.php in the url and also force to redirect http to https? Thanks!
[eluser]Seb[/eluser]
I guess you shoud use both rewrite rules, because they will be applied if necessary: Code: RewriteEngine On
[eluser]searain[/eluser]
I tried that. It would not work. Give me 403 error. I think I would have to dig deep about how to apply multiple rewrite rule. If I switch the order RewriteEngine On RewriteCond $1 !^(index\.php|images|robots\.txt) RewriteRule ^(.*)$ /index.php/$1 [L] RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} I wouldn't get 403 error, and http is redirected to https, but index.php showed up too.
[eluser]skunkbad[/eluser]
What kind of site needs SSL on every page? Why not use per controller or per method? Code: public function force_ssl() If you extend CI_Controller with MY_Controller, and put that in MY_Controller, you simply call: $this->force_ssl(); wherever you need it. Keep in mind, in my code secure_base_url() is a special function that I put in MY_url_helper.php: Code: function secure_base_url() USE_SSL is a constant, which you could put in config/constants or wherever you feel is good.
[eluser]Svante Hansson[/eluser]
skunkbad, I don't think it's that surprising seeing SSL needed on every page. Handling a e.g company website for handling sensitive information I'd certainly want SSL on every page.
[eluser]Aken[/eluser]
It's also very common for ecommerce. My recommended .htaccess solution: Code: <IfModule mod_rewrite.c> The problem you were having was that your switch to SSL was not done as a redirect. The [R,L] part of that line specifies that it should be redirected to that page instead of emulating it, and L means Last, as in stop processing rules at that point.
[eluser]searain[/eluser]
Thanks! I will give a try. Yes. This site is for company sensitive info only. And I would like all the pages on https.
[eluser]searain[/eluser]
Thanks! I tried, it works great! Now I have another question. Say if I have a form on this site, and the form is sent to a page on this site, http://mysite.php/form Now the form is sent to http://mysite.php/form, with two post variables user=me&password=open the door, but I am forcing it to redirect to https://mysite.php/form. But the post variable/value user=me&password=open the door are not posted to the redirected url, https://mysite.php/form. I changed the base_url to https. This solved the problem for the web page form on this site, the form post url is https now. But we may have other devices/apps rather than form on this site, post to this site too and if they post to http and after I redirected http to https, the post variables are lost. Are there any solutions for this? Thanks! |
Welcome Guest, Not a member yet? Register Sign In |