0

This is something I've asked previously, with a suggested solution of using mod_proxy, but unfortunately even with that I cannot get this working :(

I want to re-direct from a regular link to a https sub-domain so for example https://photofileltd.co.uk/index.php?page=services would then display https://secure.photofileltd.co.uk/new_site/index.php?page=services - but retain the URL!

Here's my .htaccess file, I've added the 'P' to load the proxy thing, but I just get a 500 internal server error:

Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://secure.photofileltd.co.uk/new_site/$1 [L, P]

Any help or advice would be much appreciated, thank you

Community
  • 1
  • 1
Nick
  • 3,745
  • 20
  • 56
  • 75

1 Answers1

1

You would have to contact the web host if you can't find the log files, to find out where they keep them.

However, I will say that you shouldn't need mod_proxy, I think what you want to do is this:

# Set options
Options +FollowSymLinks -MultiViews

# Redirect insecure requests to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://secure.photofileltd.co.uk/new_site/$1 [L,QSA,R=301]
DaveRandom
  • 87,921
  • 11
  • 154
  • 174
  • Many thanks for this, unfortunately it just re-directs to the new URL, rather than keeping the requested URL in the browser - http://photofileltd.co.uk/ – Nick Apr 23 '12 at 19:42
  • 1
    Sorry, I though that was what you wanted to do? So you want to pass through the page from another server? Or is the site still hosted on the same server? I don't get why you would create a HTTPS backend and then serve it out over plain HTTP... – DaveRandom Apr 23 '12 at 19:44
  • Oh, so it's impossible to have http://www.photofileltd.co.uk as secure and showing the HTTPS backend? The problem is the whole site needs to be secure, but its setup so only secure.photofileltd.co.uk falls under https – Nick Apr 23 '12 at 19:45
  • 1
    Yes, it is possible to proxy the HTTPS site and serve that content over the HTTP url, but that completely removes the point of the security. The data you send back the client is unencrypted, you'd just make an encrypted request internally. Is it such a problem to redirect to `secure.`? I quite like to do it, I think it helps to reassure the user that the connection is secure. And since it's a subdomain, you could remove the `/new_site` portion of the URL, since it has a different docroot, and even if it doesn't the redirect won't happen to HTTPS requests. – DaveRandom Apr 23 '12 at 19:49
  • Ah, I see - many thanks, very interesting and a good explanation. I think in this case it's just for an email form, so I will ask them if they actually need SSL! – Nick Apr 23 '12 at 20:00
  • hosts: "it'll cost more as I will have to get the whole certificate renewed to cover the whole domain rather than just the subdomain" that's that then! – Nick Apr 24 '12 at 09:00
  • This is true, but why can't you just redirect all visitors to the `secure.` subdomain? Or, just host the parts of the site that *need* to be secured (file downloads, user portal, payment gateway etc - I don't know exactly what your site does/why you want it to be secure) on the subdomain? – DaveRandom Apr 24 '12 at 10:28