How to https a folder in Apache?

Question

I have a website that has wordpress and SugarCRM installed for a same domain. I have made few pages in wordpress to be https.

Now, I wish to make CRM to also be forced https. Note that I do not want everything to be https. Just 2 pages in wordpress and entire directory containing CRM.

I already have:

http://mysite.com
http://mysite/blog
https://mysite.com/login
https://mysite.com/cart

Now how to transform http://mysite/CRM to https://mysite.com/CRM

Whole directory CRM and its subfolders must be encrypted. How to do it? The server is Apache.

Just curious. Why wouldn't you want to make everything to go over TLS? — PeeHaa, Aug 25 '13 at 16:03
Because it makes site unnecessarily slow. Some pages really don't need encryption. — Chirag, Aug 25 '13 at 16:05
Have you measured it? Because it just is not *slow* as you state. — PeeHaa, Aug 25 '13 at 16:06
Well that site is just for sake of reference. Did you actually visit that site. :P — Chirag, Aug 25 '13 at 16:09
No I have not. But I have multiple sites who are running on TLS. Saying TLS noticeably slows down your website is mostly FUD. More likely there are other bottlenecks. I.e. WP. — PeeHaa, Aug 25 '13 at 16:11
Furthermore, I am caching some of my pages. Therefore I don't want to encrypt them. That saves some bandwidth. — Chirag, Aug 25 '13 at 16:11
yeah great. That would mean you cannot login secure cookies. — PeeHaa, Aug 25 '13 at 16:38
All the pages that ask for login credentials are encrypted and others are not. Wouldn't that be enough to keep the users secure? — Chirag, Aug 25 '13 at 17:17
No. When you login a user you want to secure the session cookie (and possible other cookies) by setting [the secure flag](http://php.net/manual/en/function.setcookie.php) on it. Meaning it will only be added over a secure connection. — PeeHaa, Aug 25 '13 at 17:25
@Chirag: That answer is [**absolutely incorrect**. Browsers do cache SSL-delivered content.](http://stackoverflow.com/q/174348/201952) — josh3736, Aug 25 '13 at 22:47
Is there a way to checkout that on a particular page with https... browser is storing cache or not? I want to test on my site... — Chirag, Aug 25 '13 at 23:40

score 0 · Accepted Answer · edited Oct 19 '13 at 09:26

0

Added this in .htaccess within the folder to be encrypted:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} SugarCRM
RewriteRule ^(.*)$ https://mysite.com/SugarCRM/$1 [R,L]

edited Oct 19 '13 at 09:26

Community

1
1

answered Aug 25 '13 at 22:36

Chirag

1,189
2
21
43

How to https a folder in Apache?

1 Answers1