How to disable HTTPS on a particular page?

Hello

I currently have SSL Full enabled and also Automatic HTTPS Redirection is enabled. My whole website redirects to HTTPS. But I want one of my page to stop redirecting to SSL. The page is like https://www.example.com/surf.php. Here on this page. I want the website to Turn Off SSL. I tried setting Page Rules but that didn’t work. Can anybody tell me how to do this?

Regards

You’ll have to do it backwards, as Crypto’s HTTPS settings happen before Page Rules.

Turn off the Auto HTTPS Redirection, then use a Page rule for that one page to set SSL to Off, then a global Page Rule *example.com* that turns all the HTTPS stuff on.

1 Like

Can you please show that with image (screenshots) on how to set page rule for a particular page and global? Writing URL confuses me on how where to set a * and where not to.

Also, should I even turn off the regular SSL and then turn it on by using page rules? Please help me step by step with screenshots.

I currently tried.

  1. Turned on SSL to Full (On Crypto Page)
  2. Turn Auto HTTPS redirection off (On Crypto Page)
  3. Added Page Rule for http://demo.mydomain.com/surf.php where I added setting to turn SSL to Off (fires first). Please note its a sub domain.
  4. Added Page Rule for http://*mydomain.com* where I added setting to force HTTP redirection.

Still on this page http://demo.mydomain.com/surf.php its still getting redirected to HTTPS. What mistake am I making? Please help.

Hello

I have a page where I want to turn of HTTPS redirection. Currently, my website loads in HTTPS automatically as “Always use HTTPS” is ON. And my SSL is Flexible. Now what I want is that on a particular page I want to turn of HTTPS to prevent mixed content as in that page http links are loaded. The page is on a subdomain http://demo.mydomain.com/surf.php. I asked this question before and someone suggested me to do the following.

`You’ll have to do it backwards, as Crypto’s HTTPS settings happen before Page Rules.

Turn off the Auto HTTPS Redirection, then use a Page rule for that one page to set SSL to Off, then a global Page Rule example.com that turns all the HTTPS stuff on.`

Then I tried the following:

  1. Turned on SSL to Flexible (On Crypto Page)
  2. Turn Auto HTTPS redirection off (On Crypto Page)
  3. Added Page Rule for http://demo.mydomain.com/surf.php where I added setting to turn SSL to Off (fires first). Please note its a sub domain.
  4. Added Page Rule for http://*mydomain.com* where I added setting to force HTTP redirection.

Still on this page http://demo.mydomain.com/surf.php its still getting redirected to HTTPS. What mistake am I making? Please help.

Per your duplicate post at StackOverflow, you’re probably going about this wrong.
https://stackoverflow.com/questions/49659283/do-not-load-Cloudflare-ssl-on-a-particular-page
Can you post the true URL so we can help you get this done the right way?

True URL mentioned in comments. Please check. I have even tagged you.

You can do what @sdayman said above, or manage the redirection in htaccess per the SO thread.

I already tried it you can see in the comment just above your comment. But still it didn’t work. That page is still loading in HTTPS along the whole website. I am mentioning the steps I followed here again with true URLs. If you think I made any mistake then please correct me.

I tried the following:

  1. Turned on SSL to Flexible (On Crypto Page)
  2. Turn Auto HTTPS redirection off (On Crypto Page)
  3. Added Page Rule for http://demo.aurazoscript.com/surf.php where I added setting to turn SSL to Off (fires first). Please note its a sub domain.
  4. Added Page Rule for http://*aurazoscript.com* where I added setting to force HTTP redirection.

Regards

The .htaccess method didn’t work either. That code kept redirecting my website untill the browser quit. Please help me sir.

I already tried it you can see in the comment just above your comment. But still it didn’t work. That page is still loading in HTTPS along the whole website. I am mentioning the steps I followed here again with true URLs. If you think I made any mistake then please correct me.

I tried the following:

  1. Turned on SSL to Flexible (On Crypto Page)
  2. Turn Auto HTTPS redirection off (On Crypto Page)
  3. Added Page Rule for http://demo.aurazoscript.com/surf.php where I added setting to turn SSL to Off (fires first). Please note its a sub domain.
  4. Added Page Rule for http://*http://aurazoscript.com* where I added setting to force HTTP redirection.
    The .htaccess method didn’t work either. That code kept redirecting my website until the browser quit. Please help me sir.

I would suggest not using CF for redirection. Work on your htaccess file only. I’m a little rusty in htacess, but I think this is the solution:

# if not ssl and if not surf.php, redirect to ssl
RewriteCond %{HTTPS} ^off$
RewriteCond %{REQUEST_URI} !surf\.php$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

# if ssl and if surf.php, redirect to not ssl
RewriteCond %{HTTPS} ^on$
RewriteCond %{REQUEST_URI} ^surf\.php$
RewriteRule ^.*$ http://%{SERVER_NAME}%{REQUEST_URI} [R,L]

While applying this htaccess method should I remove the page rules I created?

Remove the page rules regarding ssl redirect and have SSL as flexible.

OK, found some htaccess code I’ve used previously…

# FORCE HTTPS in /store/ and /admin/
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} \/(store|admin)
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

# DISABLE HTTPS except for /store/ and /admin/
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/(store|admin) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R=301,L]

So for you, I assume it would be:

# FORCE HTTPS
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} \/(surf.php)
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

# DISABLE HTTPS
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/(surf.php) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R=301,L]

Sir

I have set SSL to Flexible. Deleted all page rules I had set before. Turned of “Always use HTTPS”. And placed this code in my .htaccess file and uploaded the file to my subdomain http://demo.aurazoscript.com

Code placed in .htaccess

FORCE HTTPS

RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !/(surf.php)
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

DISABLE HTTPS

RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} /(surf.php) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R=301,L]

Now Result

My main website www.aurazoscript.com has lost forced HTTPS and my subdomain demo.aurazoscript.com has gained HTTPS as I placed the htaccess file in my subdomain folder. And the main part, the page I needed the SSL to be turned of demo.aurazoscript.com/surf.php still loads in HTTPS. What should be the reason now? I followed each and every step of yours. Please help.

Try replacing %{SERVER_NAME} and %{HTTP_HOST} with your hardcoded subdomain.

Is this okay?

FORCE HTTPS

RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !/(surf.php)
RewriteRule .* https://demo.aurazoscript.com%{REQUEST_URI} [R=301,L]

DISABLE HTTPS

RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} /(surf.php) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://demo.aurazoscript.com$1 [R=301,L]

This topic was automatically closed after 14 days. New replies are no longer allowed.