.htaccess and SSL

One of the more confusing aspects of setting up a site that requires some pages to be SSL enabled is how to force "https" on those pages and still have the other pages only use "http://". The following is a quick tutorial on htaccess, how the rules work, and what the code in there really stands for.

RewriteEngine On

As long as your rules follow this line in the htaccess file, things should work fine.

The first rule we are going to use will rewrite anything that is "https" but does not need to be, to "http":

RewriteCond %{HTTPS} !=off
RewriteRule ^(mainmenu-item-one.*|mainmenu-item-two.*|mainmenu-item-three.*)$ http://www.mysite.com/$1 [NC,R=301,L]

In this rule the first line reads as: "if https is not off"...or in other words... "if https is on".

The rewrite rule lists three menu items, which are really what the url reads after your domain:

www.mysite.com/mainmenu-item-one
www.mysite.com/mainmenu-item-two
www.mysite.com/mainmenu-item-three

There is a " .* " after each of these.
A dot (or period) matches any single arbitrary character.
An asterisk matches zero or more of the preceding character, so ".*" acts as a wildcard.

This lets us say that anything including the menu items and anything after these menu items will be rewritten to NOT include "https".

The last items between the square brackets are "flags" and the definitions of what they do are as follows:

NC - No Case: makes the pattern match case-insensitively. In the rules shown here "NC" is this single flag; it is distinct from the separate N and C flags defined next.
N - Next: instructs Apache to rerun the rewrite rule until all rewriting directives have been achieved.
C - Chain: instructs server to chain the current rule with the previous rule.
R=301 - Redirect: instructs Apache to issue a redirect, causing the browser to request the rewritten/modified URL. 301 - Moved Permanently.
L - Last rule: instructs the server to stop rewriting after the preceding directive is processed.

The up arrow " ^ " and the dollar symbol " $ " anchor the regular expression to the beginning and end of the string being matched.

So, using what we know about these definitions, the approach we're using is:

^domain.*

which defines a string that begins with the term "domain", which then may be followed by any number of any characters.

The vertical bar " | " lets you continue your list of urls that you are writing this rule for.

Now for the next rule, which rewrites items that are not secured (http) to a secured (https) url:

RewriteCond %{HTTPS} !=on
RewriteRule ^(mainmenu-item-four.*|contact-us)$ https://www.mysite.com/$1 [NC,R=301,L]

Everything under " www.mysite.com/mainmenu-item-four " and including " www.mysite.com/mainmenu-item-four " will be rewritten to use "https".

Notice for "contact-us" there is no "dot asterisk" following it. This is because we only want to secure the actual Contact Us page and not anything underneath it.

We also have the same use of the "flags" discussed before.

Now we would like to have canonical urls sorted so that everything always reads with a "www." in front.

# Redirect non-canonical hostname requests to canonical domain
RewriteCond %{HTTP_HOST} !=www.mysite.com
RewriteCond %{HTTPS}>s ^(on>(s)|[^>]+>s)$
RewriteRule ^(.*)$ http%2://www.mysite.com/$1 [R=301,L]

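This expression will redirect any request whose hostname is not "www.mysite.com" to the same url on "www.mysite.com". This is true whether it's "http" or "https": the second condition captures an "s" into %2 only when HTTPS is on, so "http%2" becomes "https" for secure requests and stays "http" otherwise.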

The full code used in this example as it would be placed in the .htaccess file:

RewriteEngine On

RewriteCond %{HTTPS} !=off
RewriteRule ^(mainmenu-item-one.*|mainmenu-item-two.*|mainmenu-item-three.*)$ http://www.mysite.com/$1 [NC,R=301,L]

RewriteCond %{HTTPS} !=on
RewriteRule ^(mainmenu-item-four.*|contact-us)$ https://www.mysite.com/$1 [NC,R=301,L]

# Redirect non-canonical hostname requests to canonical domain
RewriteCond %{HTTP_HOST} !=www.mysite.com
RewriteCond %{HTTPS}>s ^(on>(s)|[^>]+>s)$
RewriteRule ^(.*)$ http%2://www.mysite.com/$1 [R=301,L]

Other Notes:

When using url rewrite components, be cautious of what is being rewritten, why, and how. It's possible to create rewrite loops where one rule just redoes the one before it and the browser never finishes.

If you run into issues, try using this strategy with all other rewrite extensions turned off and just using Joomla's core rewrite engine.
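
The three rules above modeled in Python, as an added example that is not part of the original tutorial: it replays the rules against constructed requests, follows the resulting 301s, and reports whether a chain loops. The function names and sample paths are assumptions, and the model covers only what these rules use (per-directory path matching, NC, R=301, L).

```python
import re

CANON = "www.mysite.com"  # hostname used in the page's rules
# Patterns copied from the page's rules; re.I models the NC flag.
TO_HTTP = re.compile(r"^(mainmenu-item-one.*|mainmenu-item-two.*|mainmenu-item-three.*)$", re.I)
TO_HTTPS = re.compile(r"^(mainmenu-item-four.*|contact-us)$", re.I)
HOST_COND = re.compile(r"^(on>(s)|[^>]+>s)$")  # tested against "%{HTTPS}>s"

def apply_rules(scheme, host, path):
    """Return the 301 target as (scheme, host, path), or None if no rule fires."""
    https = "on" if scheme == "https" else "off"
    rel = path.lstrip("/")  # .htaccess rules see the path without its leading slash
    if https != "off" and TO_HTTP.match(rel):        # rule 1: https -> http
        return ("http", CANON, "/" + rel)
    if https != "on" and TO_HTTPS.match(rel):        # rule 2: http -> https
        return ("https", CANON, "/" + rel)
    m = HOST_COND.match(https + ">s")                # rule 3: canonical hostname
    if host != CANON and m:
        # %2 is "s" only when HTTPS is on, so "http%2" preserves the scheme
        return ("http" + (m.group(2) or ""), CANON, "/" + rel)
    return None

def follow(scheme, host, path, limit=10):
    """Follow redirects from one request; return (chain, looped)."""
    chain = [(scheme, host, path)]
    while len(chain) <= limit:
        nxt = apply_rules(*chain[-1])
        if nxt is None:
            return chain, False          # a rule set at rest: page is served
        if nxt in chain:
            return chain + [nxt], True   # same URL seen twice: redirect loop
        chain.append(nxt)
    return chain, True                   # too many hops, treat as a loop

# Constructed sample requests (not from the page)
SAMPLES = [
    ("https", "mysite.com", "/mainmenu-item-one/sub"),
    ("http", "mysite.com", "/Contact-Us"),
    ("http", "www.mysite.com", "/contact-us/form"),           # not matched: no ".*"
    ("https", "www.mysite.com", "/mainmenu-item-one-archive"),  # prefix match
    ("https", "mysite.com", "/about"),
]

if __name__ == "__main__":
    for req in SAMPLES:
        chain, looped = follow(*req)
        print(" -> ".join(f"{s}://{h}{p}" for s, h, p in chain), "LOOP" if looped else "")
```

Note the fourth sample: because the pattern is "mainmenu-item-one.*", any path that merely starts with that string is sent to "http", not only the menu item and the pages beneath it.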
