how to force a page to https

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • jsilver
    Junior Member
    • Sep 2004
    • 26
    #1

    how to force a page to https

    I have an orderform page that is located at https://www.domain.com/order.htm and the secure form works great.

    Problem is that if somebody types it in as http://www.domain.com/order.htm they can submit the information insecure.

    How can I change the scripting to force the page to be https, regardless of which way they type it in.
    Tags: None
    • dammitjanet
      Junior Member
      • Jan 2005
      • 29
      #2
      mod rewrite is probably the best way

      create a .htaccess file in the directory required with the following contents
      Code:
      RewriteEngine On 
RewriteRule ^/$ /order.htm
RewriteCond %{SERVER_PORT} !443$
RewriteRule ^(.*) https://www.domain.com/:443$1 [R=301,L]
      no guaruantee this will work, but it should

        Comment

        • jsilver
          Junior Member
          • Sep 2004
          • 26
          #3
          Still not working

          I tried this, however there is already a .htaccess script in this directory for the Frontpage form that was created. Its coding is as follows:

          # -FrontPage-

          IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

          <Limit GET POST>
          order deny,allow
          deny from all
          allow from all
          </Limit>
          <Limit PUT DELETE>
          order deny,allow
          deny from all
          </Limit>
          AuthName www.10dollarhosting.ca
          AuthUserFile /home/dollar/public_html/_vti_pvt/service.pwd
          AuthGroupFile /home/dollar/public_html/_vti_pvt/service.grp


          I don't know anything about .htaccess so I'm not sure if you can have multiple...or if the form would then have to go in a different directory. I triued creating a new directory with this .htaccess file..but the page wouldn't display at all. AND I think the Frontpage .htaccess file has to be there for the form to work.

          Any ideas?

          Originally posted by dammitjanet
          mod rewrite is probably the best way

          create a .htaccess file in the directory required with the following contents
          Code:
          RewriteEngine On 
RewriteRule ^/$ /order.htm
RewriteCond %{SERVER_PORT} !443$
RewriteRule ^(.*) https://www.domain.com/:443$1 [R=301,L]
          no guaruantee this will work, but it should

            Comment

            • jsilver
              Junior Member
              • Sep 2004
              • 26
              #4
              Should I Posibbly just deny http access

              Whatever the solution is that I need..is just page specific. When I tried inputing the .htaccess file it affect all pages in that directory.

              Instead of forcing an https page....is there a way to make that page mandatory in https by denying the http one.

              Or is there an HTML based meta redirect that won't loop?

              I'm out of ideas and have tried searching the net for hours.

                Comment

                • Frank Hagan
                  Senior Member
                  • Mar 2004
                  • 724
                  #5
                  As far as I know, you can only force an entire directory / folder to HTTPS. The easy solution is to put the secure page in its own directory and use mod rewrite / .htaccess as explained here:

                  Page not found | My Blog
                  http://www.webhostingtalk.com.au/archive/index.php/t-2346.html

                    Comment

                    Previous template Next
                    Working...