How to disable HTTPS on a particular page?

ssl

#1

Hello

I currently have SSL Full enabled and also Automatic HTTPS Redirection is enabled. My whole website redirects to HTTPS. But I want one of my page to stop redirecting to SSL. The page is like https://www.example.com/surf.php. Here on this page. I want the website to Turn Off SSL. I tried setting Page Rules but that didn’t work. Can anybody tell me how to do this?

Regards


Turn of SSL (https) on a particular PHP page
#2

You’ll have to do it backwards, as Crypto’s HTTPS settings happen before Page Rules.

Turn off the Auto HTTPS Redirection, then use a Page rule for that one page to set SSL to Off, then a global Page Rule *example.com* that turns all the HTTPS stuff on.


#3

Can you please show that with image (screenshots) on how to set page rule for a particular page and global? Writing URL confuses me on how where to set a * and where not to.


#4

Also, should I even turn off the regular SSL and then turn it on by using page rules? Please help me step by step with screenshots.

I currently tried.

  1. Turned on SSL to Full (On Crypto Page)
  2. Turn Auto HTTPS redirection off (On Crypto Page)
  3. Added Page Rule for http://demo.mydomain.com/surf.php where I added setting to turn SSL to Off (fires first). Please note its a sub domain.
  4. Added Page Rule for http://*mydomain.com* where I added setting to force HTTP redirection.

Still on this page http://demo.mydomain.com/surf.php its still getting redirected to HTTPS. What mistake am I making? Please help.


#5

Hello

I have a page where I want to turn of HTTPS redirection. Currently, my website loads in HTTPS automatically as “Always use HTTPS” is ON. And my SSL is Flexible. Now what I want is that on a particular page I want to turn of HTTPS to prevent mixed content as in that page http links are loaded. The page is on a subdomain http://demo.mydomain.com/surf.php. I asked this question before and someone suggested me to do the following.

`You’ll have to do it backwards, as Crypto’s HTTPS settings happen before Page Rules.

Turn off the Auto HTTPS Redirection, then use a Page rule for that one page to set SSL to Off, then a global Page Rule example.com that turns all the HTTPS stuff on.`

Then I tried the following:

  1. Turned on SSL to Flexible (On Crypto Page)
  2. Turn Auto HTTPS redirection off (On Crypto Page)
  3. Added Page Rule for http://demo.mydomain.com/surf.php where I added setting to turn SSL to Off (fires first). Please note its a sub domain.
  4. Added Page Rule for http://*mydomain.com* where I added setting to force HTTP redirection.

Still on this page http://demo.mydomain.com/surf.php its still getting redirected to HTTPS. What mistake am I making? Please help.


#6

Per your duplicate post at StackOverflow, you’re probably going about this wrong.


Can you post the true URL so we can help you get this done the right way?


#7

True URL mentioned in comments. Please check. I have even tagged you.


#8

You can do what @sdayman said above, or manage the redirection in htaccess per the SO thread.


#9

I already tried it you can see in the comment just above your comment. But still it didn’t work. That page is still loading in HTTPS along the whole website. I am mentioning the steps I followed here again with true URLs. If you think I made any mistake then please correct me.

I tried the following:

  1. Turned on SSL to Flexible (On Crypto Page)
  2. Turn Auto HTTPS redirection off (On Crypto Page)
  3. Added Page Rule for http://demo.aurazoscript.com/surf.php where I added setting to turn SSL to Off (fires first). Please note its a sub domain.
  4. Added Page Rule for http://*aurazoscript.com* where I added setting to force HTTP redirection.

Regards


#10

The .htaccess method didn’t work either. That code kept redirecting my website untill the browser quit. Please help me sir.


#11

I already tried it you can see in the comment just above your comment. But still it didn’t work. That page is still loading in HTTPS along the whole website. I am mentioning the steps I followed here again with true URLs. If you think I made any mistake then please correct me.

I tried the following:

  1. Turned on SSL to Flexible (On Crypto Page)
  2. Turn Auto HTTPS redirection off (On Crypto Page)
  3. Added Page Rule for http://demo.aurazoscript.com/surf.php where I added setting to turn SSL to Off (fires first). Please note its a sub domain.
  4. Added Page Rule for http://*http://aurazoscript.com* where I added setting to force HTTP redirection.
    The .htaccess method didn’t work either. That code kept redirecting my website until the browser quit. Please help me sir.

#12

I would suggest not using CF for redirection. Work on your htaccess file only. I’m a little rusty in htacess, but I think this is the solution:

# if not ssl and if not surf.php, redirect to ssl
RewriteCond %{HTTPS} ^off$
RewriteCond %{REQUEST_URI} !surf\.php$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

# if ssl and if surf.php, redirect to not ssl
RewriteCond %{HTTPS} ^on$
RewriteCond %{REQUEST_URI} ^surf\.php$
RewriteRule ^.*$ http://%{SERVER_NAME}%{REQUEST_URI} [R,L]

#13

While applying this htaccess method should I remove the page rules I created?


#14

Remove the page rules regarding ssl redirect and have SSL as flexible.


#15

OK, found some htaccess code I’ve used previously…

# FORCE HTTPS in /store/ and /admin/
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} \/(store|admin)
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

# DISABLE HTTPS except for /store/ and /admin/
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/(store|admin) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R=301,L]

So for you, I assume it would be:

# FORCE HTTPS
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} \/(surf.php)
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

# DISABLE HTTPS
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/(surf.php) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R=301,L]

#16

Sir

I have set SSL to Flexible. Deleted all page rules I had set before. Turned of “Always use HTTPS”. And placed this code in my .htaccess file and uploaded the file to my subdomain http://demo.aurazoscript.com

Code placed in .htaccess

FORCE HTTPS

RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !/(surf.php)
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

DISABLE HTTPS

RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} /(surf.php) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R=301,L]

Now Result

My main website www.aurazoscript.com has lost forced HTTPS and my subdomain demo.aurazoscript.com has gained HTTPS as I placed the htaccess file in my subdomain folder. And the main part, the page I needed the SSL to be turned of demo.aurazoscript.com/surf.php still loads in HTTPS. What should be the reason now? I followed each and every step of yours. Please help.


#17

Try replacing %{SERVER_NAME} and %{HTTP_HOST} with your hardcoded subdomain.


#18

Is this okay?

FORCE HTTPS

RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !/(surf.php)
RewriteRule .* https://demo.aurazoscript.com%{REQUEST_URI} [R=301,L]

DISABLE HTTPS

RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} /(surf.php) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://demo.aurazoscript.com$1 [R=301,L]


#19

This topic was automatically closed after 14 days. New replies are no longer allowed.