I just bought SSL for my domain and the host installed it and now all pages are requiring "HTTPS". Is there a way to fix this globally and only display the https pages when I call for them?
Example:
example.com - wont work
https://example.com - works
I know I have to link to the pages I want secure with https, none of the pages are working though and host wont help.
it’s important to avoid this by
ensuring that every image, CSS and Javscript file on a secure
page is accessed using HTTPS. For content on the same domain it’s quite straightforward – you just need to use relative URLs. A relative URL contains the ‘offset’ URL that
needs to be applied to the page’s absolute URL in order to
find a resource.
A problem arises though, if you attempt to access a
resource from a different domain because you can’t use the
simple path-relative URL to access the resource. This often
happens when you attempt to use a third party service such
as Google Analytics or a third party Ajax library CDN.
Google Analytics solves the problem with its external
javascript file by recommending the use of this code to
dynamically switch protocols:
var gast = (("https:" == document.location.protocol) ?
"https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gast +
"google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
Redirect from http to https
This bit will help you tremendously when you’ve not updated every single link in your site yet. You can just add a straight server level redirect from http to https.
In Apache you’d do something like this:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
You can force https acces with htaccess. Try the following:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Please replace www.yourdomain.com with that of yours'
Note: Please do remeber to get your mod_rewrite ON for the server
Related
I have htaccess allowing access through a link to a Wordpress site (siteA.com) only through one specific URL (siteB.com) and denying all others.
This does it for me...
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http?://siteA.com/
RewriteRule ^ - [L]
RewriteRule ^ - [F]
ErrorDocument 403 /forbidden.html
BUT it doesn't load siteB.com stylesheet.
I'm looking for a htaccess rule that would allow me to access a site if only accessed through a specific link. Security here is not an issue.
TL;DR; While you can try playing around with htaccess, there is no reliable way to do what you want.
The simple answer is that request to stylesheet has your main page as the referrer. To see this, navigate to your site, open Dev Tools (F12 in Chrome), then switch to Networks tab, select your CSS and look at request headers.
For example, the page for this question has this URL:
http://stackoverflow.com/questions/40220527/htaccess-allow-only-specific-url-doesnt-load-its-css
And the request for CSS has this in its headers:
Referer: http://stackoverflow.com/questions/40220527/htaccess-allow-only-specific-url-doesnt-load-its-css
Overal, it's a very, very bad idea to filter based on the Referer or any request header for that matter, as they are very easily spoofed.
I need to change my whole site working on https instead http.I have changed http part of WordPress Address (URL) and Site Address (URL) to https from Settings->General but the whole site is down. What steps i need to perform to convert wordpress site from http to https. I have CentOS release 6.3 (Final) installed.
To make a website HTTPS, firstly get an SSL certificate for the domain, install it on the server and change the website permalinks from http to https.
Admin Setting:
Go to the admin dashboard.
Point you mouse over Settings and click General.
Where it says WordPress Address (URL) and Site Address (URL) replace the http:// part with https:// for both of them.
Click Save Changes
To easily enable (and enforce) WordPress administration over SSL, the constant FORCE_SSL_ADMIN should be set to true in your site's wp-config.php file to force all logins and all admin sessions to happen over SSL.
define('FORCE_SSL_ADMIN', true);
To setup a 301 permanent redirect, FTP/SFTP to your server and add the code below at the top of WordPress' .htaccess file.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]
Change every instance of yoursite.com to your WordPress URL.
To inform Google about the change in URL, re-add your WordPress site to Google webmaster tool (but this time with https://).
Hope it will help.
What Techie Code said is correct...
Also Don't mention HTTP or HTTPS in your image path. Just keep it like //yoursite.com/img/image.jpg so it will keep track of http or https automatically. This is called as Protocol Relative URL's.
Check here The Protocol-relative URL http://www.paulirish.com/2010/the-protocol-relative-url/
I have hosted an ecommerce website with the OpenCart script at www.medicosales.in
I am facing some errors.
The website when opened by typing medicosales.in is NOT automatically resolving to https:// where I have seen in SSL secured sites that just by typing yourdomain.com the URL automatically takes https://
It's showing this message
How to solve it?
You should set up your .htaccess file if you're using Apache, or similar if you're using another webserver to rewrite your URLs to include https:// if they do not already. This will force the user's browser to access via the correct protocol.
For Apache place the following code into the top of your .htaccess file in your document root for the site ensuring mod_rewrite is enabled.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Whenever you load a resource externally e.g. via something like <img src="http://example.com/myimage.jpg" ... you must ensure that the protocol is HTTPS also otherwise your browser will give you that message since the resource was not loaded securely.
The way to fix this is ensure that all externally linked resources have their URLs prefixed with // and not http://. This way the browser will use the current protocol to fetch the resource.
Thanks #davidgiga1993 for pointing out // rather than using https://
It is not automatic. You need to send a 302/301 redirect back to the user pointing to the https URL.
I currently have a site where users can login and do various things. The site uses SSL(HTTPS).
Is there a way to use .php or .htaccess to unsecure a specific link and any link connected (ie. (https://domain.com/unsecure, https://domain.com/unsecure/randominfinit)) unsecure?
But also would this work with a user being logged in to their account and be able to navigate out of /unsecure or /unsecure/randominfinit and still be logged in and not throw errors or browser errors or reduce security?
I have been looking everywhere for a solution for this and have not been able yet to find a solution.
The reason why I need to do this is because I am using iframe to load .swf content on my secure site that is hosted on another domain/server. If you have a better idea to deliver content using iframe with non-SSL content, please tell me - I am all ears.
As long as you have a valid cert you can go between http and https. This will check if the directory is unsecure and https then redirect to non https.
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/unsecure [NC]
RewriteCond %{HTTPS} ^on
RewriteRule ^(.*) http://example.com/$1 [R=301,L]
Let me know how that works for you.
My server provides SSL connections via https, although the certificate costs extra...
Is there anything that needs to be changed in the PHP code to utilize this protocol?
My site has:
ajax forms via POST
regular forms and pages using POST and GET parameters
Session variables
You should be good to go. PHP does not impact the use of SSL or not.
Things you should check are:
Are all URLS in you application relative (no http://)
Are assets (CSS/JS/IMG) used in your site (both from internal and external sources) also as relative paths or prefixed with https://
Having an asset without https:// in a SSL powered site, the browsers will warn you visitors that something ain't right.
you can use the server .htaccess file to redirect all your links. So when the standard page is opened via say a link the server redirects to the https version...
# Permanent reirect ALL old pages to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Other than any hard-coded URLs, no, your code shouldn't know about the difference, nor care.
I'd have to say the same as mvbrakel, but as far as session cookies/cookies you will want to turn on HTTPS only if you are using https on ALL your pages.
Also adding HTTP only to cookies, js scripts won't be able to check value and such.
The code does not need to be changed, other than to change all links from http:// to https:// (seriously, don't forget that, else you aren't using SSL...)