Reputation: 887
Force users to access my page over HTTPS instead of HTTP?
Follow up question to what is posted here:
How can I force users to access my page over HTTPS instead of HTTP?
I've added the following code to one page, the index.php page of my CART directory.
if($_SERVER["HTTPS"] != "on")
{
header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
exit();
}
When I browse the site starting from the index page, all files within the CART directory are loaded through HTTPS (which I actually want), but if I click a link to a another page outside the CART folder, it goes back to HTTP.
How is this working this way? How is the HTTPS staying active for pages within the CART directory? If I type in a URL for a page within the CART directory, HTTPS is not enforced, which makes sense.
The site URL is http://wtc.betaforming.com
Trying to wrap my brain around this, thanks.
Brett
Upvotes: 1
Views: 1514
Answers (3)
Reputation: 21
<?php
// Require https
if ($_SERVER['HTTPS'] != "on") {
$url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
header("Location: $url");
exit;
}
?>
Try to add this on the file you're trying to access in HTTPS and it will force the browser to load in HTTPS.
Upvotes: 1
Reputation: 19539
You answered your own questions in your question:
How is this working this way? How is the HTTPS staying active for pages within the CART directory?
...when you said:
I've added the following code to one page, the index.php page of my CART directory.
See? You're enforcing HTTPS requirement for pages in your cart directory, but not elsewhere. Which reflects what you're seeing on your site. If you want to require HTTPS site-wide, considering using your webserver to enforce that requirement. For example with Apache and mod_rewrite you might try something like this:
<IFModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IFModule>
EDIT
In a comment in your post you say "I'm trying to understand how/why HTTPS is being enforced when browsing to other pages in the CART directory from the index.php page". My guess (and it is a guess since you have not shown us your code) is that those URLs are built in a ssl-agnostic way, like this:
<a href="/cart/some_page.html">I'm SSL-enabled on a page with HTTPS in the address bar</a>
Again though, without seeing your code, it's impossible to say.
Cheers
Upvotes: 1
Reputation: 16828
I would recommend adding this bit of code to your .htaccess file (if your running Apache) in your root directory.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} =off
RewriteRule ^DIRECTORY1|DIRECTORY2|DIRECTORY3 https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/DIRECTORY1|DIRECTORY2|DIRECTORY3
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
Where you replace DIRECTORY1,DIRECTORY2, etc. with the directories that you want to force HTTPS on, then doing it in reverse (the code just below), by saying if not DIRECTORY1,DIRECTORY2, etc. then redirect to HTTP.
Hope this helps
Upvotes: 1
Related Questions
- How can I force users to access my page over HTTPS instead of HTTP?
- How do I force HTTPS on a some pages? (PHP)
- Redirect One Page to http instead of https
- PHP page to be HTTPS
- Redirect all requests with http to https
- How to force one page to http (when https is forced site wide)
- Force SSL only on certain pages with PHP
- Force all http traffic to https except one URL
- Redirect HTTPS to HTTP
- Redirect from secure https to http for only one page