.htaccess redirection question

That's a little to broad a scope. Please read my question again.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"zerof" <zerof@terra.com.br> wrote in message
news:g5dkqb$g3i$1@forums.macromedia.com...
> Murray *ACE* escreveu:
>> If I link to my shopping cart checkout page with an https protocol, how
>> can I get out of that and back into the http 'stream'? I only want that
>> one page to be secure.
>>
> ------
> http://www.askapache.com/htaccess/ssl-example-usage-in-htaccess.html
> ----
> zerof

.oO(Murray *ACE*)

>If I link to my shopping cart checkout page with an https protocol, how can
>I get out of that and back into the http 'stream'? I only want that one
>page to be secure.

Should be possible with mod_rewrite. You can use it to check the used
protocol and redirect if necessary. The checkout page should be checked
for HTTPS, all others just for HTTP. If the "wrong" protocol was used,
perform a redirect. Makes any sense? ;)

Micha

I'll check and see if it does. Would this be the typical way such things
are done?

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Michael Fesser" <netizen@gmx.de> wrote in message
news:03pk74p60o7k0gac2j85cefp2jss7uajb5@4ax.com...
> .oO(Murray *ACE*)
>
>>If I link to my shopping cart checkout page with an https protocol, how
>>can
>>I get out of that and back into the http 'stream'? I only want that one
>>page to be secure.
>
> Should be possible with mod_rewrite. You can use it to check the used
> protocol and redirect if necessary. The checkout page should be checked
> for HTTPS, all others just for HTTP. If the "wrong" protocol was used,
> perform a redirect. Makes any sense? ;)
>
> Micha

So, perhaps zerof was right all along with the posted link - could I do
something like this?

RewriteRule /checkout.php https://www.example.com/checkout.php [R=301,L]
RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]

The first one would redirect only the checkout page, and the second one
would redirect everything else? I'm worried about an infinite loop here....

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Murray *ACE*" <forums@HAHAgreat-web-sights.com> wrote in message
news:g5fd1c$eeh$1@forums.macromedia.com...
> I'll check and see if it does. Would this be the typical way such things
> are done?
>
> --
> Murray --- ICQ 71997575
> Adobe Community Expert
> (If you *MUST* email me, don't LAUGH when you do so!)
> ==================
> http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
> http://www.dwfaq.com - DW FAQs, Tutorials & Resources
> ==================
>
>
> "Michael Fesser" <netizen@gmx.de> wrote in message
> news:03pk74p60o7k0gac2j85cefp2jss7uajb5@4ax.com...
>> .oO(Murray *ACE*)
>>
>>>If I link to my shopping cart checkout page with an https protocol, how
>>>can
>>>I get out of that and back into the http 'stream'? I only want that one
>>>page to be secure.
>>
>> Should be possible with mod_rewrite. You can use it to check the used
>> protocol and redirect if necessary. The checkout page should be checked
>> for HTTPS, all others just for HTTP. If the "wrong" protocol was used,
>> perform a redirect. Makes any sense? ;)
>>
>> Micha
>

Murray *ACE* escreveu:
> So, perhaps zerof was right all along with the posted link - could I do
> something like this?
>
> RewriteRule /checkout.php https://www.example.com/checkout.php [R=301,L]
> RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]
>
> The first one would redirect only the checkout page, and the second one
> would redirect everything else? I'm worried about an infinite loop
> here....
>
-------
I am not sure that this is the right way to control this isue.
As I know, HTTP and HTTPS protocols use different ports, (usualy 80 and
443, respectively).

Redirect 301 is for use to folder or file Moved Permanently.
Redirect 302 302 may be, also, used for instance.

I think that this page with Status Code Definitions, must be useful:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

----
ex-corde.
zerof

OK - so I found this on that site:

RewriteCond %{SERVER_PORT}s ^(443(s)|[0-9]+s)$
RewriteRule ^(.+)$ - [env=askapache:%2]

# redirect urls with index.html to folder
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.html\ HTTP/
RewriteRule ^(([^/]+/)*)index\.html$ http%{ENV:askapache}://%{HTTP_HOST}/$1
[R=301,L]

# change // to /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)//(.*)\ HTTP/ [NC]
RewriteRule ^.*$ http%{ENV:askapache}://%{HTTP_HOST}/%1/%2 [R=301,L]

Can you help me understand it?

I think that the first block is setting the variable 'askapache' to a value
depending on whether the request is for http or https. If the former, its
value is null, and if the latter it's 's'. Right?

Then the next block would be used to redirect links for the checkout page to
https, right?

But I don't get the last block. What I would want that to do would be to
redirect any links FROM the checkout page from https back to http.

Would this be the right way to do such things?

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"zerof" <zerof@terra.com.br> wrote in message
news:g5fid6$jsf$1@forums.macromedia.com...
> Murray *ACE* escreveu:
>> So, perhaps zerof was right all along with the posted link - could I do
>> something like this?
>>
>> RewriteRule /checkout.php https://www.example.com/checkout.php [R=301,L]
>> RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]
>>
>> The first one would redirect only the checkout page, and the second one
>> would redirect everything else? I'm worried about an infinite loop
>> here....
>>
> -------
> I am not sure that this is the right way to control this isue.
> As I know, HTTP and HTTPS protocols use different ports, (usualy 80 and
> 443, respectively).
>
> Redirect 301 is for use to folder or file Moved Permanently.
> Redirect 302 302 may be, also, used for instance.
>
> I think that this page with Status Code Definitions, must be useful:
>
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
>
> ----
> ex-corde.
> zerof

Murray *ACE* wrote:
> If I link to my shopping cart checkout page with an https protocol, how
> can I get out of that and back into the http 'stream'? I only want that
> one page to be secure.
>

I use a different method, which was first shown to me as PHP, but then
given as ASP, unfortunately I can't find the PHP example any more, it
was Dave on the Webassist forums, but here is my ASP example:

<%
If Request.ServerVariables("HTTPS") = "off" Then
Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") &
Request.ServerVariables("URL") & "?" &
Request.ServerVariables("QUERY_STRING")
End If
%>

Maybe you could do something similar with PHP?

Steve

Sure, I can do that with mod_rewrite actually, but what you show is ONLY a
redirect into https. What I want is the following -

1. Redirect EVERYTHING into HTTP
2. EXCEPT for a link to the checkout page which should be HTTPS

That way, once someone wants to leave the checkout page, they are sent back
into http-space and out of https-space. Make sense?

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Dooza" <doozadooza@gmail.com> wrote in message
news:g5fvog$4eo$1@forums.macromedia.com...
> Murray *ACE* wrote:
>> If I link to my shopping cart checkout page with an https protocol, how
>> can I get out of that and back into the http 'stream'? I only want that
>> one page to be secure.
>>
>
> I use a different method, which was first shown to me as PHP, but then
> given as ASP, unfortunately I can't find the PHP example any more, it was
> Dave on the Webassist forums, but here is my ASP example:
>
> <%
> If Request.ServerVariables("HTTPS") = "off" Then
> Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") &
> Request.ServerVariables("URL") & "?" &
> Request.ServerVariables("QUERY_STRING")
> End If
> %>
>
> Maybe you could do something similar with PHP?
>
> Steve

.oO(zerof)

>Murray *ACE* escreveu:
>> So, perhaps zerof was right all along with the posted link - could I do
>> something like this?
>>
>> RewriteRule /checkout.php https://www.example.com/checkout.php [R=301,L]
>> RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]
>>
>> The first one would redirect only the checkout page, and the second one
>> would redirect everything else? I'm worried about an infinite loop
>> here....
>>
>-------
>I am not sure that this is the right way to control this isue.
>As I know, HTTP and HTTPS protocols use different ports, (usualy 80 and
>443, respectively).
>
>Redirect 301 is for use to folder or file Moved Permanently.

301 means that a particular resource should always and permanently be
accessed by the URL given in the Location header. IMHO it's the correct
code for a "protocol redirect", since the page in question is supposed
to be accessed only via HTTPS, not HTTP. That's a permanent move for me.

>Redirect 302 302 may be, also, used for instance.

302 is just a general, unspecific redirect. It says nothing about the
purpose of the redirect.

Micha

.oO(Murray *ACE*)

>So, perhaps zerof was right all along with the posted link - could I do
>something like this?
>
>RewriteRule /checkout.php https://www.example.com/checkout.php [R=301,L]

This will cause an infinite loop. You have to check the used protocol
with a RewriteCond directive and the HTTPS variable (assuming that it's
safe to use that variable, but the mod_rewrite manual says so).

Something like this (untested):

RewriteCond %{HTTPS} off [NC]
RewriteRule ^(checkout\.php) https://%{SERVER_NAME}/$1 [R=301,L]

To redirect all other pages from HTTPS to HTTP, you do it in a similar
way, but have to exclude the checkout page or you would get an infinite
loop again:

RewriteCond %{HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^checkout\.php
RewriteRule (.*) http://%{SERVER_NAME}/$1 [R=301,L]

It's just a quick untested shot, so it might require some tweaking here
and there.

HTH
Micha

Murray *ACE* wrote:
> Sure, I can do that with mod_rewrite actually, but what you show is ONLY
> a redirect into https. What I want is the following -
>
> 1. Redirect EVERYTHING into HTTP
> 2. EXCEPT for a link to the checkout page which should be HTTPS
>
> That way, once someone wants to leave the checkout page, they are sent
> back into http-space and out of https-space. Make sense?

Ahh yes, it does. You *could* use the opposite of my method on all the
other pages, but thats a lot of work 🙂 In fact its what I do through
out my shop.

Steve