Redirecting https pages
-
If I add 301 redirects from the https versions of the root domain to the http:www.website.com (canonical version), will this prevent users from being able to access the https version? I believe the https version is only accessed once users log into the site.
Thank you!
-
It is going to be a little bit more difficult than that. Unless you have a wildcard certificate your ssl certificate is not good for sub domains. www.site.com is considered a sub domain of site.com. That being said, I would use url rewriting to handle the problem. Here is a small example of what you could use.
Rewrite Rules for site.com
RewriteEngine On
RewriteBase /Redirect from example.com to www.site.com
RewriteCond %{HTTP_HOST} ^site.com [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]Turn SSL on for payments
RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} /payments.php [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]Turn SSL off everything but payments
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !/payments.php [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]You will have to enter the other pages that you want to be ssl too, this should get you started though.
-
What you want to do is setup the redirect for all pages "except" those pages that you want to require a person to use the https.
As an example on a site I work on, we have two areas /cart/ and /account/ that represent when someone is checking out or when they are logged into their account and want to update payment options, respectively. You would exclude these folders from the https to http 301 redirect so that users could then use that part of the site in secure mode.The rest of the site you want to have the https 301 to http. The reason you go through all this is that a http and https versions of the site, if spidered, would be considered duplicate content and you want to prevent that.
The other part of this would be that you do not want the search engines (usually) to spider the shopping cart and user login sections of a site. Nofollow noindex all links that lead to those pages and also put those folders in robots.txt - that will keep the bots out of there.
One other thing. Make sure that your templates and content within the https sections of the site link out to the non https urls. The 301 will help with this, but why link to the wrong URL anyway?
All of that said. If your site is one that you deal with highly sensitive information (medical, financial come to mind) then you may simply want to have the site run as https. You would need to bulk up your server resources to handle this as https can slow things down a little bit, but it can be done.
-
To directly answer your question, Erin, a 301 redirect will indeed prevent users from accessing the https versions of your pages and is not the recommended approach.
Is there a reason you want to prevent users/search engines from accessing the https versions of your pages?
Simply ensuring that all links within the site navigation point to http versions, and setting a rel=canonical on all https versions back to the http versions, should do the trick.
Best,
Mike
-
026166
-
142.4k
-
05174
-
014197
-
07363
-
02302
-
07520
-
02634