Mixed content Redirect rules

Disabling ssl for one page only

The problem: services that don’t support SSL

I think the best way to go is to get your entire site on SSL. But sometimes there are services that are not really up to date, they don’t provide an SSL certificate on their service.

Especially iframes often cause this problem. Browsers simply won’t load a http iframe on a https site. But even if that were possible, like with images, this wouldn’t be a good idea: mixed content errors, insecure page warnings and so on would flash in front of the user’s eyes, scaring them away. That is why Really Simple SSL changes all these resources to https, forcing them all to load securely.

The result is: when the iframe is loaded over http, the browser blocks it. When the iframe is loaded over https, the browser won’t load it because there’s no SSL certificate.

How to solve this?

In most cases, I would try contacting the service provider to try and get them to start providing a service that supports SSL.Simply adding an SSL certificate resolves it in most cases. If that is not possible, you can try disabling SSL for one page.

Solution with a plugin

To do this, I’ve developed a plugin that handles this for you. You’ll have to deactivate the free plugin, than install Really Simple SSL per page.  It will give you the option to enable SSL per page explicitly, or, when you use the “exclude pages” option, to set all pages to SSL, except the pages you have selected.

Manual solution

You can also do it manually:

Step 1:

  • Activate Really Simple SSL in safe mode
  • Activate .htaccess redirect in settings/SSL
  • Enable “stop editing the .htaccess file”

Step 2:

Open your ftp client, like filezilla, and go to the root of your website. Look for the .htaccess file. You may have to enable the “show hidden files” option.

Open this file (make a backup), and look for the

# BEGIN rlrssslReallySimpleSSL  comment

Some rows below this comment, you will see something like:
RewriteCond %{HTTPS} !=on [NC]

Right after this entry, insert the following:
RewriteCond %{REQUEST_URI} !/your-page

The end result should be something like:

# BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.8]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
#this line may be different on other servers
RewriteCond %{REQUEST_URI} !/your-page #add your excluded page here
RewriteCond %{HTTP_HOST} ^domain.com [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL

This means the redirect will be used, but not on this page.

Related Articles

21 Comments

  • KenZhang

    i disabling ssl for one page only can i change 301 redirect to 404 response for one page?

    • Rogier Lankhorst

      Hi,

      Do you mean you want to redirect to a not found 404 page?

      • KenZhang

        YES If my website is xxx.com/123/
        i want redirect 404 for only this folder eg: xxx.com/123/11/

        • Rogier Lankhorst

          You can simply use this:
          RedirectMatch 404 ^/abc*
          Which redirects page abc to a 404 page

  • Mirko Pal

    Hi,for my website not working or need to use other code.I have a games website and I want to remove https on the play game page.I can not use “your page” in that part, because are thousand of pages.I try it with play_page.php, is call like that in themplate folder.Can you help me .Thanks in advance.

    • Rogier Lankhorst

      If those pages all follow some sort of generic url structure, like domain.com/games/game1 you could use something like this:
      RewriteCond %{REQUEST_URI} !^/(games/.*)$

      • Luciano

        Hello I have a similar problem, I have to disable all of template pages “gallery” for example look at this link https: https: //www.lodeate.it/gallery/popoli-tutti-acclamate-signore-testo-video/ can you help? Thank you

        • Rogier Lankhorst

          Hi Luciano,
          What is the problem with that page? It seems to load fine over https.

  • Paolo

    Hi Rogier, first of all thank you for your plugin and support!

    I followed your steps but it seems doesn’t work for me. I need to disable SSL on this page: s t u d i o p i n c e l l a [dot] it / f i n a n z a – a g e v o l a t a

    What am I doing wrong?

    Thank you so much!

  • Miguel Muñoz

    How could I do to place an external link that leads to an http site? It’s possible? When I put a link to an external site http always changes to https. Thank you.

  • chris hawkes

    tried it but must be doing something wrong, when i go to page as non-ssl / http it redirects to home page? below is line i added to htaccess – website has one page with frame in that is not available under ssl

    RewriteCond %{REQUEST_URI} !/view-our-inventory-online/

  • Harshmeet Singh

    My app developer refuses to add https on all APIs made by wordpress. so he needs a http reply to a http request and not a https.

    all my APIs are in one folder /api/
    for example
    http://romindex.com/api/get_category_index/
    http://romindex.com/api/get_recent_posts/?page=1

    when i enable SSL these APIs get converted to https and my app stops working
    I want to exclude all the urls with website.com/api/[anything here]

    I tried

    RewriteCond %{REQUEST_URI} !^/(api/.*)$
    RewriteCond %{REQUEST_URI} !/api
    RewriteCond %{REQUEST_URI} !/api/get_category_index/
    RewriteCond %{REQUEST_URI} !/romindex.com/api/get_category_index/

    • Rogier Lankhorst

      If you are using the wp_rest_api you can exclude it from https by setting the constant rsssl_no_rest_api_redirect

        • Mark Wolters

          You can add the following line to your wp-config.php:

          define(‘rsssl_no_rest_api_redirect’, true);

          • Harshmeet Singh

            i tried this but its not working.
            i guess i am not using wp_rest_api

            i am using a plugn called json api.

            i even edited this line to replace https with http in the class front end .php file
            $redirect_url = “http://” . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’];

            but http://romindex.com/api/get_category_index/
            returns https://romindex.com/api/get_category_index/

            what can i do ?

            can i add some custom code in htaccess so that all the links with base urls romindex.com/api will not be redirected to https ?

          • Rogier Lankhorst

            If you have disabled both redirect types in settings/ssl, and you don’t use the rest_api, Really Simple SSL is not redirecting. Maybe the json api plugin is using the home_url or site_url, which is https. I think it’s best to contact the author of the json api plugin developer and check if there’s a filter that can be used to override the https.

Leave a Comment