Raphael Portmann Raphael Portmann - 3 months ago 7
PHP Question

Forcing Non-SSL when specific url parameter is given

Ok I found out that I can force users to use SSL by changing something in the .htaccess file:

RewriteEngine On
RewriteBase /

# Force SSL
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Deny Access to all .htaccess
<Files .htaccess>
order allow,deny
deny from all
</Files>


I'm not really good in writing .htaccess files so i most likely copy-paste it from the internet.

My question is if it's possible to always force ssl with one exception (When someone is visiting a http site with a specific url parameter).

Example 1:

http://example.com/test?name=John


gets redirected to

https://example.com/test?name=John


Example 2:

http://example.com/test?name=John&nossl=1


doesn't get redirected to

https://example.com/test?name=John&nossl=1


Is it possible to write that in htaccess or do i need to include a php file to every single page that's doing this?

Answer

This question is a DUPLICATE

BTW

Put this before the # Force SSL condition.

RewriteCond %{QUERY_STRING} (^|&)nossl=(1)(&|$)
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]