1

I'm trying to help a friend whose client knee-jerked her whole site into SSL after a hacking attempt. It's wreaking havoc w/ her SEO, causing duplicate pages to be indexed, bleeding PageRank where old links no longer point to the correct URL, etc, etc.

Anyway, I modeled the .htaccess after another post on here that seemed to almost fit the bill, but I wanted to run it by the experts here to make sure that the file looked correct.

Basically, ALL pages on the site need to be redirected back to HTTP from HTTPS except a handful of html pages, some .php pages, and a .cgi script. Can you tell me if there's an easy rule to set all php pages to be HTTPS, and then set a few additional HTML pages behind HTTPS and a .cgi script? I'd really appreciate it. Here's what I've got so far:

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit GET POST>
order deny,allow
deny from all
</Limit>
AuthName thedomain.com
AuthUserFile /home/thesitename/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/thesitename/public_html/_vti_pvt/service.grp

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} page1.html
RewriteCond %{REQUEST_URI} page2.html
RewriteCond %{REQUEST_URI} page3.html
RewriteCond %{REQUEST_URI} page4.html
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301]

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(auth|register|secure)
RewriteCond %{REQUEST_URI} !originalpage.php
RewriteCond %{REQUEST_URI} !cgi-script.cgi
RewriteRule ^(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [R=301]
Community
  • 1
  • 1
user1767315
  • 11
  • 1

1 Answers1

0

Can you tell me if there's an easy rule to set all php pages to be HTTPS, and then set a few additional HTML pages behind HTTPS and a .cgi script?

This rule redirects all php scripts, 4 html pages, and a cgi-script to HTTPS if the request isn't HTTPS

RewriteCond %{HTTPS} off
RewriteCond ${REQUEST_URI} \.php$ [OR]
RewriteCond %{REQUEST_URI} /page1.html$ [OR]
RewriteCond %{REQUEST_URI} /page2.html$ [OR]
RewriteCond %{REQUEST_URI} /page3.html$ [OR]
RewriteCond %{REQUEST_URI} /page4.html$ [OR]
RewriteCond %{REQUEST_URI} /cgi-script.cgi$ 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This rule does the opposite, redirecting anything that is HTTPS and isn't a php script, those 4 html pages or the cgi-script to HTTP

RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !\.php$
RewriteCond %{REQUEST_URI} !/page1.html$
RewriteCond %{REQUEST_URI} !/page2.html$
RewriteCond %{REQUEST_URI} !/page3.html$
RewriteCond %{REQUEST_URI} !/page4.html$
RewriteCond %{REQUEST_URI} !/cgi-script.cgi$ 
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Jon Lin
  • 142,182
  • 29
  • 220
  • 220
  • Hey! Thanks! I really appreciate it! I'm very, very sorry for the late response; I never got an email that the thread had been updated, and lost track of it. I'll try this suggestion and reply with results. Again, thanks so much for your time and help! – user1767315 Dec 03 '12 at 05:22
  • You, sir, (with no disrespect to His Sheen-ness) are a fricken Rockstar from Mars! It works perfectly! Thanks again! You're a life saver. I have one other question, related to this. I've removed a bunch of pages that are no longer relevant (most of them date back to 1997 and have a ton of broken links) but to retain the PageRank, I'd like to 301 them to related pages or the home page (if no related page is found). I dropped the 301s in right before the last line you provided, but I get a 500 Server Error. What am I doing wrong? Format: Redirect 301 /a-page.html http://www.site-home-page.com – user1767315 Dec 03 '12 at 05:39