Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2019-06-21 10:09:09

raminrahimi
Member
From: India
Registered: 2013-03-19
Posts: 243

how to redirect all (GET & POST) http to https dynamically ?

Anyone please help me that, I want to change all requests which are (GET & POST) from HTTP to HTTPS to secure site and textpattern dynamically.
For example if the request is coming:
GET: http://site.com/about ——> https://site.com/about
POST: http://rokyan.com/textpattern/index.php?event=form ——> https://rokyan.com/textpattern/index.php?event=form
GET/POST: http://site.com/index.php?q=services ——> https://site.com/index.php?q=services
GET: http://site.com/?id=28 ——> https://site.com/?id=28
etc…

Offline

#2 2019-06-21 12:24:10

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,317
Website

Re: how to redirect all (GET & POST) http to https dynamically ?

In your htaccess you could try

RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

or

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | Respbublika! | NeMe @ github

Offline

#3 2019-06-21 12:30:12

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,503
Website

Re: how to redirect all (GET & POST) http to https dynamically ?

For regular GET requests, you can use normal htaccess rewrites but for POST requests, you need to use a 307 redirect. The 307 means resend the entire page including POST vars. It’s probably best to do that sparingly only when you actually need it, so …

Combining the example of this article with a general http to https redirect from the html5boilerplate should give you something like this:

RewriteEngine on

# http to https for individual specified POST request page only
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} string_to_match_in_url
RewriteCond %{REQUEST_METHOD} POST
RewriteRule ^ https://%{HTTP_HOST} [R=307,L]

# http to https for all other requests
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

(replacing string_to_match_in_url with your url matches for your pages with POST requests).

To save server load, both those methods should only act on links that come as http.
The first will only act on a specific named url with a POST request and then skip the second directive.
If incoming links are already using https, neither directive will be processed.

Note: If you need to allow http, e.g. for Let’s Encrypt, see the linked HTML5boilerplate example for permitted http urls.


TXP Builders – finely-crafted code, design and txp

Offline

Board footer

Powered by FluxBB