How to exclude one WordPress page from using HTTPS


#1

Hello!
I installed letsencrypt on a vps using digitalocean.com. Everything is very easy to follow and implement for this site. The only problem is I need to exclude one page from https and I can’t seem to do it.

I’ve found and tried several solutions from online forums to exclude one page from being secured by https/ssl. None of them seem to work.

Please don’t direct me to an existing solution as I’ve searched for many hours and tried several “solutions” to no avail. Including on this community forum. :grimacing:

The specific page I need to exclude is: mmsa.org/stem-resource-bank/

I’ve tried many variations using rewrite in .htaccess and none have worked which leads me to believe that the .htaccess isn’t what I should be modifying. Or I’m simply doing it all wrong.

Any ideas?
Thanks!


#2

Your site has a redirect in place, could you post how your current (general) redirect works? The answer is probably modifying thát redirect, nót extra stuff somewhere else.


#3

Hey @Osiris, thank you for your response.
It makes sense for there to be a 301 redirect from HTTP to HTTPS after adding the lets encrypt service. The problem is that I don’t want to secure one page.

The .htaccess is unchanged from the default Wordpress additions and nothing happens when I modify the .htaccess to rewrite the HTTPS to HTTP for one page.

Is there another place, or a better place, to make changes so one page won’t be secured? And what would I enter to keep that redirect from occurring?

Thank you,
Alex


#4

If there is no redirect in your .htaccess, is there a redirect in your apache config ?

it possibly looks like

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

or similar, in which case you would change it to

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/stem-resource-bank
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The reason Osiris is asking where / what the current redirect is, is so that we can suggest the appropriate change.


#5

Thank you @serverco. I tried your solution but it still didn’t work. I have uncovered some more information for you and @Osiris. I’m very unfamiliar with this part of web administration so please bear with me.

Here’s my .htaccess:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

What I discovered is a file called 000-default-le-ssl.conf appears to be what is responsible for making the site secure.

This is the contents of that file:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/mmsa.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mmsa.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName mmsa.org
</VirtualHost>
</IfModule>

I also have a file called 000-default.conf which looks like this:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =mmsa.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

What do I need to change to make all requests of and inside of mmsa.org/stem-resource-bank not use https? I feel like the answer is in front of me but I lack the knowledge or direction as to how to correctly change this information. I also can’t find anything on Google that gives a good example to follow — probably because I am not asking the right question.

Thank you!
-Alex


#6

Add:

RewriteCond %{REQUEST_URI} !^/stem-resource-bank

between

RewriteCond %{SERVER_NAME} =mmsa.org

and

RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

in 000-default.conf.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.