1

I want to force HTTP for one page i.e. preview.php. Rest the website can use HTTPS. Because preview.php has an iframe which loads the content from NON-Secured locations. And hence do not display on a secured page.

I have tried several solutions here on Stack Overflow but didn't work. Any suggestion will be appreciated. My code as follows:

If there is any mistake in code below. Please me know.:

I have tried the following solutions mentioned here :

Force HTTPS on certain URLs and force HTTP for all others

Force https for some pages and http for all others

How to force rewrite to HTTPS except for a few pages in Apache?

Using .htaccess to control HTTPS on certain pages

<FilesMatch "(?i)^.*\.(ico|flv|jpg|jpeg|png|gif|js|css)$">
ExpiresActive On
ExpiresDefault A432000
</FilesMatch>

Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

# index.php to /
RewriteCond %{THE_REQUEST} ^GET\ /.*/index\.(php|html)\ HTTP
RewriteRule (.*)index\.(php|html)$ /$1 [R=301,L]

# force www.
RewriteCond %{HTTP_HOST} ^www\.domain\.co [NC]
RewriteRule ^(.*)$ http://domain.co/$1 [L,R=301]

RewriteCond %{HTTPS} ^off$
RewriteCond %{REQUEST_URI} !preview\.php$
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

#RewriteCond %{HTTPS} off
#RewriteCond %{REQUEST_URI} !/preview
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]    

# To externally redirect /dir/foo.php to /dir/foo
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R=301,NE,L]

RewriteRule ^profile/(.+)$ profile.php?username=$1 [L,NC,QSA]
RewriteRule ^dashboard/(.+)$ dashboard.php?option=$1 [L,NC,QSA]

RewriteRule ^theme/([a-zA-Z0-9-/]+).html$ theme.php?themename=$1
RewriteRule ^theme/([a-zA-Z0-9-/]+).html/$ theme.php?themename=$1

RewriteRule ^preview/([a-zA-Z0-9-/]+).html$ preview.php?themename=$1
RewriteRule ^preview/([a-zA-Z0-9-/]+).html/$ preview.php?themename=$1

RewriteRule ^category/([0-9]+)$ category.php?page=$1
RewriteRule ^category/([0-9]+)/$ category.php?page=$1

RewriteRule ^category/([a-zA-Z0-9_-]+)$ category.php?cat=$1
RewriteRule ^category/([a-zA-Z0-9_-]+)/$ category.php?cat=$1

RewriteRule ^category/([a-zA-Z0-9_-]+)/([0-9]+)$ category.php?cat=$1&page=$2
RewriteRule ^category/([a-zA-Z0-9_-]+)/([0-9]+)/$ category.php?cat=$1&page=$2

RewriteRule ^category/([a-zA-Z0-9_-]+)/([a-zA-Z0-9_-]+)/([0-9]+)$ category.php?cat=$1&subcat=$2&page=$3
RewriteRule ^category/([a-zA-Z0-9_-]+)/([a-zA-Z0-9_-]+)/([0-9]+)/$ category.php?cat=$1&subcat=$2&page=$3

RewriteRule ^category/([a-zA-Z0-9_-]+)/([a-zA-Z0-9_-]+)$ category.php?cat=$1&subcat=$2
RewriteRule ^category/([a-zA-Z0-9_-]+)/([a-zA-Z0-9_-]+)/$ category.php?cat=$1&subcat=$2

RewriteRule ^header.php page-not-found.php [R=301,L]
RewriteRule ^footer.php page-not-found.php [R=301,L]

# To internally forward /dir/foo to /dir/foo.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+?)/?$ $1.php [L]

<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

<IfModule mod_deflate.c>
  # Compress HTML, CSS, JavaScript, Text, XML and fonts
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE font/opentype
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml

#  # Remove browser bugs (only needed for really old browsers)
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  Header append Vary User-Agent
</IfModule>

ErrorDocument 404 /page-not-found.php
Community
  • 1
  • 1
vitorio
  • 329
  • 1
  • 3
  • 18
  • Easiest way would be to setup a secure proxy on your website which loads the content of the iframe and returns it, so only your webserver deals with HTTP and not the client. You might want to look at [this](http://stackoverflow.com/questions/18327314/how-to-allow-http-content-within-an-iframe-on-a-https-site) – rbntd Nov 18 '16 at 06:19
  • @rbntd No it will not works for me. It will preview a web theme which will navigate to different pages. It must be done in an iframe. So I need to force HTTP for preview.php. – vitorio Nov 18 '16 at 06:24
  • Possible duplicate of [How to force rewrite to HTTPS except for a few pages in Apache?](http://stackoverflow.com/questions/5818146/how-to-force-rewrite-to-https-except-for-a-few-pages-in-apache) – hjpotter92 Nov 18 '16 at 06:46
  • @hjpotter92 I have tried it also but no luck – vitorio Nov 18 '16 at 07:20

0 Answers0