Configuring htaccess to force SSL / non-SSL
#1

[eluser]Unknown[/eluser]
Hi all,

I'm having issues trying to set up my htaccess file to force the user off SSL when it is not required. I have managed to get it to force the user to use SSL in the controllers that require it (admin, account, application), but once they are using SSL they are on it for the entire site. Ideally I would like the user to be pushed back to http on the pages not in the controllers defined.

Code:
RewriteEngine On

RewriteBase /

RewriteCond %{SERVER_PORT} !=443
RewriteCond %{REQUEST_URI} ^/(admin|account|application)
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

RewriteCond %{SERVER_PORT} !=80
RewriteCond %{REQUEST_URI} !^/(admin|account|application)
RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]

If I remove the middle rule set then it works as I described, but adding the middle rule not only stops the SSL redirect but also adds 'index.php?/' to the URL of the SSL pages.

Any help would be greatly appreciated, I'm sure it's something simple I'm missing, I just don't know what!
#2

[eluser]vrencianz[/eluser]
Hello.

Just to simulate your task I created two controllers (test, welcome) and forced https and http on them.

Code:
RewriteEngine On
RewriteBase /codeigniter

RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^/codeigniter/test
RewriteRule ^(.*)$ https://%{SERVER_NAME}/codeigniter/$1 [L]

RewriteCond %{SERVER_PORT} 443
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/codeigniter/test
RewriteRule ^(.*)$ http://%{SERVER_NAME}/codeigniter/$1 [L]  

RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteRule ^(.*)$ /codeigniter/index.php/$1 [L]

Adjust it for your needs.
#3

[eluser]Unknown[/eluser]
That looks to be working perfectly, thanks!
#4

[eluser]Aken[/eluser]
The -f/-d checks are unnecessary if you're already checking the REQUEST_URI for something specific, and could cause issues in certain file structures (depends how your site is set up).
#5

[eluser]bgreene[/eluser]
Just as an aside, your use of admin as one of your controllers appeared bright red on my screen. Last year, I noticed an ever increasing number of those trying to hack my sites were using http://mysite/admin/whatever so I renamed all admin controllers and directories to something COMPLETELY different. The word admin has now been banned from my programming vocabulary 8=)
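
Why the ruleset in post #1 behaves as described, with one way around it (an added example, not code from any poster in this thread): in a .htaccess file the rules run again after the last rule rewrites the request to index.php, and on that second pass REQUEST_URI no longer starts with /admin, so the HTTPS-to-HTTP rule fires and redirects to the rewritten index.php?/ URL. The sketch assumes REDIRECT_STATUS is empty on the client's original request (Apache sets it after an internal redirect) and tests %{HTTPS} instead of the port number.

```apache
RewriteEngine On
RewriteBase /

# Pass 1 only: REDIRECT_STATUS is empty until an internal rewrite has
# happened (assumption: nothing else in the server config sets it).
# Force HTTPS for the protected controllers named in post #1.
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/(admin|account|application)
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

# Pass 1 only: send everything else back to HTTP.
# Existing files (CSS, JS, images) are left on whichever scheme was
# requested, so assets loaded by an HTTPS page are not bounced to HTTP.
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/(admin|account|application)
RewriteRule ^ http://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

# Front controller. This internal rewrite triggers the second pass,
# on which REQUEST_URI is /index.php and both redirect rules above
# are skipped because REDIRECT_STATUS is now set.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
```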



