Home/ Questions/Q 6362389
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T23:54:06+00:00

I have ssl enabled on whole website, but I need to force all pages

  • 0

I have ssl enabled on whole website, but I need to force all pages except login.php and register.php to http://

So basically I only need login.php and register.php pages to be https:// protocol-ed.

Right now I have script that makes login.php page https:// encrypted , but I don’t understand how to add register.php to this code

Options +FollowSymLinks 
RewriteEngine On

RewriteBase /

# Turn SSL on for payments
RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} \/login\.php [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# Turn SSL off everything but payments
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/login\.php [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

Any ideas on how to edi/make this code to set login.php and register.php pages to https:// and all others to http://

Thank you

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you are familiar with mod_rewrite and regex a little bit, you should have no problems reading these rules — comments are present explaining what particular rule does. the rest — regex basics:

    Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /

# force https for /login.php and /register.php
RewriteCond %{HTTPS} =off
RewriteRule ^(login|register)\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]

# force http for all other URLs
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(login|register)\.php$
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    1. These rules need to be placed in .htaccess in website root folder BEFORE any other rewrite rules (if such present). If placed elsewhere some small tweaking may be required.

    2. They will

      • force HTTPS for /login.php and /register.php,
      • do nothing for images, css styles and JavaScript files (to be precise, for files with those extensions)
      • and will force HTTP for all other URLs

    3. You can easily add other URLs to that list — just edit existing rule by adding additional file name to the list (the same text in 2 places: 1) to force 2) to exclude)

    4. File names are case-sensitive. So these rules will not work if /LOGIN.php is requested (Apache will not serve it either, as Linux is case-sensitive OS .. so no need to worry much here).

    5. Obvious thing: mod_rewrite should be enabled and .htaccess files needs to be processed by Apache (some website hosting companies disabling them for performance and security reasons).

    • 0