Mixed content Redirect rules

Disabling ssl for one page only

The problem: services that don’t support SSL

I think the best way to go is to get your entire site on SSL. But sometimes there are services that are not really up to date, they don’t provide an SSL certificate on their service.

How to solve this?

In most cases, I would try contacting them to try and get them to enter the current century, and start providing a service that supports SSL.

If that is not possible, you can try disabling SSL for one page. There is a catch with this: when a visitor has viewed your homepage, any modern browser will push all your subpages over SSL as well. So if you do this, you have to exclude your homepage as well. Are you prepared to do this?

Why does it work this way?

I think browsers tend to see any url as a separate url, but in a hierarchical way: domain.com/page does not affect ssl on domain.com/page2. But if you put domain.com on SSL, domain.com/page as well as domain.com/page2 will get request over SSL as well.

Solution with a plugin

To do this, I’ve developed a plugin that handles this for you. You’ll have to deactivate the free plugin, than install Really Simple SSL per page.  I’ve excluded the homepage from being forced over SSL, for reasons explained above.

Manual solution

You can also do it manually:

Step 1:

  • In the Really Simple SSL settings, disable the javascript redirect to SSL
  • Enable the checkbox “stop editing the .htaccess”

Step 2:

Open your ftp client, like filezilla, and go to the root of your website. Look for the .htaccess file. You may have to enable the “show hidden files” option.

Open this file (make a backup), and look for the

# BEGIN rlrssslReallySimpleSSL  comment

Some rows below this comment, you will see something like:
RewriteCond %{HTTPS} !=on [NC]

Right after this entry, insert the following:
RewriteCond %{REQUEST_URI} !/your-page

The end result should be something like:

# BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.8]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC] #this line may be different on other servers
RewriteCond %{REQUEST_URI} !/your-page #add your excluded page here
RewriteCond %{HTTP_HOST} ^domain.com [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# END rlrssslReallySimpleSSL

This means the redirect will be used, but not on this page.

Related Articles

Leave a Comment