Redirect http://sub to httpS://sub

Hello,

I’d like to redirect all requests performed on a subdomain to its SSL subdomain.

Basically, all requests made, for example, on
http://secure.domain.com/

are redirected to
httpS://secure.domaine.com/

What is the best solution to do this?

I’d like to prevent all accesses to a web page on this subdomain with http.

Thanks

Pascal

Pascal,

I do this using PHP. I just create a php file and put it in the include path called something like forceSSL.php.


if($_SERVER['SERVER_PORT'] != "443" || $_SERVER['HTTP_HOST'] != "secure.domain.com") {
  header("location: https://secure.domain.com".$_SERVER["PHP_SELF"]);
  exit;
}

Then any page you want to be only SSL you can just include('forceSSL.php');

I'm sure there are other ways, maybe using .htaccess or similar, but since I program in PHP this is a very quick and easy way to get this done.

Thanks justec,

We’ve done it with a rewrite rule. It works, but we are not sure it is the best bet.

RewriteCond %{HTTPS} !=on [NC]
RewriteCond %{HTTP_HOST} ^secure.carat-hosting.com [NC]
RewriteRule ^(.*) https://secure.carat-hosting.com/$1 [R,L]

We also know there is something like this

<Directory /home/.path/to/web/html/secure>
SSLRequireSSL
</Directory>

But we are not sure it does the redirection (we didn’t test it).

We are trying to find the best method. Yours is OK, but you have to add these lines in EVERY PHP script, isn't it?

Are there better solutions?

Pascal

Er…

in fact it is

RewriteRule ^(.*) https://secure.carat-hosting.com$1 [R,L]
and not
RewriteRule ^(.*) https://secure.carat-hosting.com/$1 [R,L]

This last one adds one more slash every time at the end: https://secure.carat-hosting.com// and then https://secure.carat-hosting.com///, surely because this rule is defined just before the subdomain logic rules.

Anyway, does somebody have a better rule? A stronger/better solution?

Thanks

Pascal

Here is how I do it…

pascal,

In your non-SSL virtual host:

 RewriteCond %{HTTP_HOST} ^secure\.carat-hosting\.com$ [NC]
 RewriteRule ^(.*)$ https://secure.carat-hosting.com$1 [R,L]

In your SSL virtual host:

RewriteCond %{HTTP_HOST} !^secure\.carat-hosting\.com$ [NC]
RewriteRule ^(.*)$ https://secure.carat-hosting.com$1 [R,L]

I see no reason to check the HTTPS mod_rewrite variable, because your virtual hosts will be non-SSL or SSL-enabled exclusively. (It should not hurt to have the extra check, though.)

Justec,

When I need PHP to enforce SSL, I write it like this:

if (isset($_SERVER['HTTPS']) == FALSE ||
          $_SERVER['HTTPS']  == '')
{
    header("Location: https://secure.domain.com".$_SERVER["PHP_SELF"]);
    exit(0);
 }

I have not written anything useful for my blog in a while, so I decided to turn my response above into a blog entry. I have been asked about this topic several times, so maybe this will help…

http://translocator.ws/2006/04/09/forcing-ssl-on-a-subdomain

Justec,

I’m sorry, but I got in a hurry and told you wrong. This is the correct code:

if
(   (   $_SERVER['HTTP_HOST'] == 'secure.domain.com' &&
        empty($_SERVER['HTTPS']) // (non-SSL; empty() also covers the key being unset)
    )
    ||
    (   $_SERVER['HTTP_HOST'] != 'secure.domain.com' &&
        !empty($_SERVER['HTTPS']) // (SSL-enabled)
)   )
{
// Redirect...
    header('Location: https://secure.domain.com'.$_SERVER["PHP_SELF"]);
    exit(0);
}
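The redirect decision discussed in this thread, as an added example that is not part of any original post: a function that takes the `$_SERVER` array and returns the HTTPS URL to redirect to, using justec's condition that anything other than SSL on the secure host gets redirected. The names `SECURE_HOST` and `sslRedirectTarget` and the sample requests are assumptions made for illustration, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. SECURE_HOST, sslRedirectTarget()
// and the sample requests below are constructed for illustration.
const SECURE_HOST = 'secure.domain.com';

/**
 * Return the https:// URL to redirect to, or null when the request is
 * already HTTPS on the secure host. Takes the $_SERVER array as a
 * parameter so the decision can be exercised without a web server.
 */
function sslRedirectTarget(array $server): ?string
{
    // HTTPS is unset on plain-HTTP Apache requests; some servers set it
    // to "off" instead, so both count as non-SSL here.
    $https = strtolower($server['HTTPS'] ?? '');
    $isSsl = ($https !== '' && $https !== 'off');

    // Host names are case-insensitive and may carry a ":port" suffix.
    $host = strtolower($server['HTTP_HOST'] ?? '');
    $host = preg_replace('/:\d+$/', '', $host);

    if ($isSsl && $host === SECURE_HOST) {
        return null; // already where we want the client to be
    }

    // Build the target from the fixed host name, never from the
    // client-supplied Host header. REQUEST_URI keeps the query string,
    // which PHP_SELF drops. Anything that is not an absolute path
    // (for example a full URL in the request line) falls back to "/".
    $uri = $server['REQUEST_URI'] ?? '/';
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }
    return 'https://' . SECURE_HOST . $uri;
}

// Constructed sample requests: plain HTTP, HTTPS reported as "off",
// HTTPS on the wrong host, and the case that needs no redirect.
$samples = [
    ['HTTP_HOST' => 'secure.domain.com', 'REQUEST_URI' => '/login.php?next=cart'],
    ['HTTP_HOST' => 'Secure.Domain.com:80', 'HTTPS' => 'off', 'REQUEST_URI' => '/'],
    ['HTTP_HOST' => 'www.domain.com', 'HTTPS' => 'on', 'REQUEST_URI' => '/account.php'],
    ['HTTP_HOST' => 'secure.domain.com', 'HTTPS' => 'on', 'REQUEST_URI' => '/account.php'],
];
foreach ($samples as $s) {
    echo $s['HTTP_HOST'], ' -> ', sslRedirectTarget($s) ?? '(no redirect)', PHP_EOL;
}
```

In a real include file the sample loop would be replaced by a call on `$_SERVER` that sends the `Location` header and exits when the function returns a URL.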

Hi

Thanks jimp

Pascal