Mixed content Redirect rules

Disabling ssl for one page only

The problem: services that don’t support SSL

I think the best way to go is to get your entire site on SSL. But sometimes there are services that are not really up to date, they don’t provide an SSL certificate on their service.

Especially iframes often cause this problem. Browsers simply won’t load a http iframe on a https site. But even if that were possible, like with images, this wouldn’t be a good idea: mixed content errors, insecure page warnings and so on would flash in front of the user’s eyes, scaring them away. That is why Really Simple SSL changes all these resources to https, forcing them all to load securely.

The result is: when the iframe is loaded over http, the browser blocks it. When the iframe is loaded over https, the browser won’t load it because there’s no SSL certificate.

How to solve this?

In most cases, I would try contacting the service provider to try and get them to start providing a service that supports SSL.Simply adding an SSL certificate resolves it in most cases. If that is not possible, you can try disabling SSL for one page.

Solution with a plugin

To do this, I’ve developed a plugin that handles this for you. You’ll have to deactivate the free plugin, than install Really Simple SSL per page.  It will give you the option to enable SSL per page explicitly, or, when you use the “exclude pages” option, to set all pages to SSL, except the pages you have selected.

Manual solution

You can also do it manually:

Step 1:

  • Activate Really Simple SSL in safe mode
  • Activate .htaccess redirect in settings/SSL
  • Enable “stop editing the .htaccess file”

Step 2:

Open your ftp client, like filezilla, and go to the root of your website. Look for the .htaccess file. You may have to enable the “show hidden files” option.

Open this file (make a backup), and look for the

# BEGIN rlrssslReallySimpleSSL  comment

Some rows below this comment, you will see something like:
RewriteCond %{HTTPS} !=on [NC]

Right after this entry, insert the following:
RewriteCond %{REQUEST_URI} !/your-page

The end result should be something like:

# BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.8]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
#this line may be different on other servers
RewriteCond %{REQUEST_URI} !/your-page #add your excluded page here
RewriteCond %{HTTP_HOST} ^domain.com [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL

This means the redirect will be used, but not on this page.

Related Articles

33 Comments

  • KenZhang

    i disabling ssl for one page only can i change 301 redirect to 404 response for one page?

    • Rogier Lankhorst

      Hi,

      Do you mean you want to redirect to a not found 404 page?

      • KenZhang

        YES If my website is xxx.com/123/
        i want redirect 404 for only this folder eg: xxx.com/123/11/

        • Rogier Lankhorst

          You can simply use this:
          RedirectMatch 404 ^/abc*
          Which redirects page abc to a 404 page

  • Mirko Pal

    Hi,for my website not working or need to use other code.I have a games website and I want to remove https on the play game page.I can not use “your page” in that part, because are thousand of pages.I try it with play_page.php, is call like that in themplate folder.Can you help me .Thanks in advance.

    • Rogier Lankhorst

      If those pages all follow some sort of generic url structure, like domain.com/games/game1 you could use something like this:
      RewriteCond %{REQUEST_URI} !^/(games/.*)$

      • Luciano

        Hello I have a similar problem, I have to disable all of template pages “gallery” for example look at this link https: https: //www.lodeate.it/gallery/popoli-tutti-acclamate-signore-testo-video/ can you help? Thank you

        • Rogier Lankhorst

          Hi Luciano,
          What is the problem with that page? It seems to load fine over https.

  • Paolo

    Hi Rogier, first of all thank you for your plugin and support!

    I followed your steps but it seems doesn’t work for me. I need to disable SSL on this page: s t u d i o p i n c e l l a [dot] it / f i n a n z a – a g e v o l a t a

    What am I doing wrong?

    Thank you so much!

  • Miguel Muñoz

    How could I do to place an external link that leads to an http site? It’s possible? When I put a link to an external site http always changes to https. Thank you.

  • chris hawkes

    tried it but must be doing something wrong, when i go to page as non-ssl / http it redirects to home page? below is line i added to htaccess – website has one page with frame in that is not available under ssl

    RewriteCond %{REQUEST_URI} !/view-our-inventory-online/

  • Harshmeet Singh

    My app developer refuses to add https on all APIs made by wordpress. so he needs a http reply to a http request and not a https.

    all my APIs are in one folder /api/
    for example
    http://romindex.com/api/get_category_index/
    http://romindex.com/api/get_recent_posts/?page=1

    when i enable SSL these APIs get converted to https and my app stops working
    I want to exclude all the urls with website.com/api/[anything here]

    I tried

    RewriteCond %{REQUEST_URI} !^/(api/.*)$
    RewriteCond %{REQUEST_URI} !/api
    RewriteCond %{REQUEST_URI} !/api/get_category_index/
    RewriteCond %{REQUEST_URI} !/romindex.com/api/get_category_index/

    • Rogier Lankhorst

      If you are using the wp_rest_api you can exclude it from https by setting the constant rsssl_no_rest_api_redirect

      • Harshmeet Singh

        How can i do that.

        I dont know how to do that.

        • Mark Wolters

          You can add the following line to your wp-config.php:

          define(‘rsssl_no_rest_api_redirect’, true);

          • Harshmeet Singh

            i tried this but its not working.
            i guess i am not using wp_rest_api

            i am using a plugn called json api.

            i even edited this line to replace https with http in the class front end .php file
            $redirect_url = “http://” . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’];

            but http://romindex.com/api/get_category_index/
            returns https://romindex.com/api/get_category_index/

            what can i do ?

            can i add some custom code in htaccess so that all the links with base urls romindex.com/api will not be redirected to https ?

          • Rogier Lankhorst

            If you have disabled both redirect types in settings/ssl, and you don’t use the rest_api, Really Simple SSL is not redirecting. Maybe the json api plugin is using the home_url or site_url, which is https. I think it’s best to contact the author of the json api plugin developer and check if there’s a filter that can be used to override the https.

  • Steve Palmer

    Greetings. I have purchased and installed “Really Simple SSL pro” and “Really Simple SSL on specific pages” and have selected the option to exclude pages from ssl – I have added two separate pages to be excluded from ssl and it is not functioning as expected. Both pages are showing with https in the url.

    Thanks in advance for your attention to this.

    • Mark Wolters

      Hi Steve,

      there is probably something else forcing the pages over https://. This could be HSTS, a plugin or for example a force ssl option from your hosting or CDN provider. If you can provide the address of your website I might be able to give you some more information.

      Mark

        • Mark Wolters

          Hi Steve,

          when I visit your site now both /search/ and the /real-estate-search/ pages are being excluded from SSL. On the homepage of your site the first menu item is Search, which links to the /real-estate-search/ page, also has a www link instead of a https:// link. Could you try to clear your browsers cache and visit the site again to see if that resolves the issue?

          Mark

  • Steve Palmer

    Clearing my browser cache did the trick, Mark. I had tried everything but that and it worked like a charm. Thanks a bunch for your help and responsiveness. Much appreciated.

  • mangopango

    Thanks so much for your help here. It took a few tweaks but finally got my tennis court bookings plugin/page coming up as http as it wouldn’t display the calendar because I think it’s using iframe. I don’t have many images to lock down so converting the site to SSL was a no-brainer for me. I only had this one page to worry about. All good now.

  • mike ryan

    Hey,

    Why does the plugin only redirect to the homepage? Rather than the same page but https://?

    • Mark Wolters

      Hi Mike,

      the plugin should redirect the same page to https://. It could be something else is doing a redirect to the home page, for example a plugin or .htaccess rule. You can check this by disabling plugins one by one to see if the issue persist and check if the .htaccess file might be doing a redirect to the homepage on https://.

      Mark

      • mike ryan

        Hi Mark,

        Thanks for the reply, ok sure, i’ve done some further research.

        Essentially we redirected from http:// to https:// on our main site, our blog is a seperate wordpress but is on the same domain. Once we redirected everything worked fine apart from the blog. I installed the plugin thinking this would sort the issue.

        The https version of each page works, although when i change the url to http:// to test the redirect. the following happens

        http://www.site.co.uk/blog/ocean-florida-villa-awards-2017/

        redirects to : https://site.co.uk/ocean-florida-villa-awards-2017/

        so it takes off the /blog/ part and creates a 404.

        How can I stop this happening?

        Thanks

        • Mark Wolters

          Hi Mike,

          What redirect option have you enabled in the plugin? Can you check the home and site URL of the WordPress blog installation? It might be missing the /blog/, thus redirecting to https://site.co.uk/ instead of https://site.co.uk/blog/.

          Mark

          • mike ryan

            Hi Mark,

            – Auto-replace mixed content
            – Enable WordPress 301 redirection to SSL
            – Enable JavaScript redirection to SSL

            the above 3 are ticked.

            Checked the instiallation settings it has the /blog/ part so should redirect to the /blog/ section

            Any other ideas?

            Thanks 🙂

Leave a Comment