HI Guys:

I have been slowly getting my site to work with the company provided ssl certificate. Their process involves me using a redirect in .htaccess so that if someone goes to a form or the admin pages it encrypts the info behind their ssl cert.

This part I got to work, but now my issue is that when i navigate back to to a page that is not normally ssl protected the url still shows https.

Is there something I need to add to the .htaccess file to make it revert back to non ssl? Below is my .htaccess code. There is both a .htaccess-ssl and .htaccess page.

.htacess-ssl

### SILVERSTRIPE START ###
<Files *.ss>
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1
</Files>

<Files web.config>
	Order deny,allow
	Deny from all
</Files>

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /XXXXXXXX

	RewriteCond %{REQUEST_URI} ^(.*)$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
</IfModule>

### SILVERSTRIPE END ###

.htaccess file

### SILVERSTRIPE START ###
<Files *.ss>
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1
</Files>

<Files web.config>
	Order deny,allow
	Deny from all
</Files>

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /

	RewriteCond %{SERVER_PORT} 80 
	# Force SSL redirect for certain pages. 
	RewriteCond %{REQUEST_URI} ^/(admin|contact|secure)
	RewriteRule (.*) https://mysite.com/$1 [R,L]
	# Use this for production deployment on origin
	#RewriteRule (.*) https://mysite.com/$1 [R,L]

	# All other requests pass through to this server.
	RewriteCond %{REQUEST_URI} ^(.*)$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
</IfModule>

### SILVERSTRIPE END ###

I know this is a while ago but any chance you ever get this figured out? I found if(Director::isLive()) Director::forceSSL(array('/^admin/', '/^Security/')); in Director.php but this seems to do the same thing, it will take you to https but not send you back to http which can often be important when the site has for example images taken from elsewhere like a facebook link with facebook hosted image as an example

cheers

Will

Realistically it shouldn't matter if you're using a secure connection for non-secure pages just make sure you're setting the canonical meta tag in your header for SEO

Hi,

If I have read the first post correctly I managed to implement this functionality on a non silverstripe site I was working on by adding the following in the .htaccess.

#This checks to see if browser connection is via https, then checks to see if the browser is not connecting to portal/ or administrator/ urls before re-writting the url and connecting via a http connection.
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(portal|administrator)/
RewriteRule (.*) http://www.yourdomain.co.uk/$1 [R=301,L]

#This checks to see if browser connection is via http, then checks to see if browser is connecting to portal/ or administrator/ urls before re-writting the url and connecting via a https connection.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (portal|administrator)/
RewriteRule (.*) https://www.yourdomain.co.uk/$1 [R=301,L]

It should work here and I hope that this helps someone.

Alternatively instead of adding this to the .htaccess you could code this into your page controller, I found some code on this forum somewhere that worked for me. I can dig it out if anyone is interested.

Cheers,

Jim

I have been struggling precisely with this problem and no variation of an .htaccess redirect I have attempted has succeeded in working. Here's what I currently have, which is still not working. I just want my page /donate to redirect to https. So far, no luck. What's the deal here?

<IfModule mod_rewrite.c>
	SetEnv HTTP_MOD_REWRITE On
	RewriteEngine On
	RewriteBase '/'

	RewriteCond %{REQUEST_URI} ^(.*)$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_URI} !\.php$
	RewriteRule .* framework/main.php?url=%1&%{QUERY_STRING}

	RewriteCond %{HTTPS} !=on
	RewriteRule ^/?donate/(.*) https://%{SERVER_NAME}/donate/$1 [R,L]
</IfModule>