Jump to:

23483 Posts in 18976 Topics by 2878 members

General Questions

SilverStripe Forums » General Questions » .htaccess file and SSL redirect help

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 2754 Views
  • Hello_electro
    Avatar
    Community Member
    80 Posts

    .htaccess file and SSL redirect help Link to this post

    HI Guys:

    I have been slowly getting my site to work with the company provided ssl certificate. Their process involves me using a redirect in .htaccess so that if someone goes to a form or the admin pages it encrypts the info behind their ssl cert.

    This part I got to work, but now my issue is that when i navigate back to to a page that is not normally ssl protected the url still shows https.

    Is there something I need to add to the .htaccess file to make it revert back to non ssl? Below is my .htaccess code. There is both a .htaccess-ssl and .htaccess page.

    .htacess-ssl

    ### SILVERSTRIPE START ###
    <Files *.ss>
       Order deny,allow
       Deny from all
       Allow from 127.0.0.1
    </Files>

    <Files web.config>
       Order deny,allow
       Deny from all
    </Files>

    <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteBase /XXXXXXXX

       RewriteCond %{REQUEST_URI} ^(.*)$
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
    </IfModule>

    ### SILVERSTRIPE END ###

    .htaccess file

    ### SILVERSTRIPE START ###
    <Files *.ss>
       Order deny,allow
       Deny from all
       Allow from 127.0.0.1
    </Files>

    <Files web.config>
       Order deny,allow
       Deny from all
    </Files>

    <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteBase /

       RewriteCond %{SERVER_PORT} 80
       # Force SSL redirect for certain pages.
       RewriteCond %{REQUEST_URI} ^/(admin|contact|secure)
       RewriteRule (.*) https://mysite.com/$1 [R,L]
       # Use this for production deployment on origin
       #RewriteRule (.*) https://mysite.com/$1 [R,L]

       # All other requests pass through to this server.
       RewriteCond %{REQUEST_URI} ^(.*)$
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
    </IfModule>

    ### SILVERSTRIPE END ###

  • vancouverWill
    Avatar
    Community Member
    121 Posts

    Re: .htaccess file and SSL redirect help Link to this post

    I know this is a while ago but any chance you ever get this figured out? I found if(Director::isLive()) Director::forceSSL(array('/^admin/', '/^Security/')); in Director.php but this seems to do the same thing, it will take you to https but not send you back to http which can often be important when the site has for example images taken from elsewhere like a facebook link with facebook hosted image as an example

    cheers

    Will

  • zenmonkey
    Avatar
    Community Member
    528 Posts

    Re: .htaccess file and SSL redirect help Link to this post

    Realistically it shouldn't matter if you're using a secure connection for non-secure pages just make sure you're setting the canonical meta tag in your header for SEO

  • James Bolitho
    Avatar
    Community Member
    33 Posts

    Re: .htaccess file and SSL redirect help Link to this post

    Hi,

    If I have read the first post correctly I managed to implement this functionality on a non silverstripe site I was working on by adding the following in the .htaccess.

    #This checks to see if browser connection is via https, then checks to see if the browser is not connecting to portal/ or administrator/ urls before re-writting the url and connecting via a http connection.
    RewriteCond %{HTTPS} on
    RewriteCond %{REQUEST_URI} !(portal|administrator)/
    RewriteRule (.*) http://www.yourdomain.co.uk/$1 [R=301,L]

    #This checks to see if browser connection is via http, then checks to see if browser is connecting to portal/ or administrator/ urls before re-writting the url and connecting via a https connection.
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} (portal|administrator)/
    RewriteRule (.*) https://www.yourdomain.co.uk/$1 [R=301,L]

    It should work here and I hope that this helps someone.

    Alternatively instead of adding this to the .htaccess you could code this into your page controller, I found some code on this forum somewhere that worked for me. I can dig it out if anyone is interested.

    Cheers,

    Jim

    2754 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.