ssl and urls - mod_rewrite

Hello,

I've set up a site which uses ssl certificates for one particular section on my site, so it therefore has the https:// prefit rather than http://

Now, the problems I have are:
- most my links are relative
- Google and co when spidering will therefore follow the relative links to the rest of my site, but with the https prefix, leading to duplicate content etc.

I was therefore wondering, if there was a way to stop all urls except one in a speicific folder to redirect to http:// using mod_rewrite or something?
eg https://domain.com/anyotherfolders -> http://domain.com/anyotherfolders
but
https://domain.com/securefolder -> stays the same

Thanks for any help

 

What do you mean "duplicate content"?

https:// goes to a different port than http:// and mod_rewrite wouldn't be much help here, except if used for redirection. I think the best way is to limit the number of non-secure links on the secure page and use explicit http:// prefix on all of them.

For example, if your secure link is to your payment page, you can remove the usual navigation menu from this page and have only two links explicitly prefixed with http:// - Home and Continue Shopping.

You may need to use server-side script to create these links if your server may be accessed by different host names (e.g my-host.com and my-host.org). For example <a href="http://<HTTP-host-header>/home.html>.

J.D.

 

I'd end up with two pages with the same content on, eg http://domain.com/page1.htm and https://domain.com/page1.htm, same content, just with an additional s. Might not make much difference but I don't want to harm my listing in any search engines as it's hard enough already!

Thanks, thought I may have to end up doing this in the end, was hoping there'd be a quick fix tho - doesn't seem to be such a thing when it involves SEO though!

 

Are you saying that you have two physical directories, one for HTTP and one for HTTPS access or you are talking about duplicate listings on Google?

J.D.

 

Dulipcate listings on google, it's already started to happen so I want to try and address it as quickly as possible.

The http and https are exactly the same, all under the same directory, just one has the https prefix as it contains sensitive data. I'll show you the page as it might be easier to explain - https://www.officialringtonechart.com/unlocking/ - it unlocks Nokia phones for free, but as some people are concerned about their IMEI numbers, I made it secure so they didn't need to worry as much.

There wouldn't be a massive number of links to change, but for some reason I just prefer to keep links relative, so was hoping for a htaccess type way of redirecting it.

 

Ok, then you can add <meta name="robots" content="noindex,nofollow"> if a page is served over HTTPS (it would require server-side processing). Since all of your pages can be accessed over HTTP as well, this should take care of duplicate listings.

If you are concerned about privacy, you shouldn't even allow people to view this page over HTTP (redirect them to the secure version of the page).

J.D.

 

Along these lines, there's a simple solution for a small site like yours. Move all secure pages into a special directory and add this directory to robots.txt.

J.D.

 

Finally solved it!

Took a while to figure it out and get the right combo, but I used the following:

# SERVER_PORT <> Port:80
RewriteCond %{SERVER_PORT} !^80$
RewriteCond %{REQUEST_URI} !^/unlocking(/.*)$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# SERVER_PORT <> Port:443
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} ^/unlocking(/.*)$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Code (markup):

That way it catches any links to the non-secure url so I don't lose anything in terms of seo-ness.

Thanks for all the help J.D.!

 

I would slightly rewrite it:

RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^(unlocking/.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Code (markup):

This way empty host header will not result in an invalid URL in the redirection response.

J.D.