0

We are using following configuration for adding https to our site.

enter image description here

System> Configuration> Web> secure>

Use Secure URLs in Frontend : YES

Use Secure URLs in admin : YES

it added https to my account , customer login pages.

but from the above pages. if we click on any other catalog and product pages,

than also its adding https to category and product pages.

we have to remove https from these category and product pages. how we can do this ?

Suppose we are in https page. from this page, if we click on any pages, it will redirect to https. but from http page, if we click on any pages, it will redirect to http page only.

.htaccess file 

# MAINTENANCE-PAGE REDIRECT
#<IfModule mod_rewrite.c>
# RewriteEngine on
# RewriteCond %{REMOTE_ADDR} !^106\.51\.233\.96
# RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]
# RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]
# RewriteRule .* /maintenance.html [R=302,L]
#</IfModule>
#disable directory browsing
Options -Indexes
############################################
## uncomment these lines for CGI mode
## make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi
# Action php5-cgi /cgi-bin/php5-cgi
# AddHandler php5-cgi .php
############################################
## GoDaddy specific options
# Options -MultiViews
## you might also need to add this line to php.ini
## cgi.fix_pathinfo = 1
## if it still doesn't work, rename php.ini to php5.ini
############################################
## this line is specific for 1and1 hosting
 #AddType x-mapp-php5 .php
 #AddHandler x-mapp-php5 .php
############################################
## default index file
 DirectoryIndex index.php
<IfModule mod_php5.c>
############################################
## adjust memory limit
 php_value memory_limit 512M
 php_value max_execution_time 18000
############################################
## disable magic quotes for php request vars
 php_flag magic_quotes_gpc off
############################################
## disable automatic session start
## before autoload was initialized
 php_flag session.auto_start off
############################################
## enable resulting html compression
 #php_flag zlib.output_compression on
###########################################
# disable user agent verification to not break multiple image upload
 php_flag suhosin.session.cryptua off
###########################################
# turn off compatibility with PHP4 when dealing with objects
 php_flag zend.ze1_compatibility_mode Off
</IfModule>
<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload
 SecFilterEngine Off
 SecFilterScanPOST Off
</IfModule>
<IfModule mod_deflate.c>
############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip
 # Insert filter on all content
 ###SetOutputFilter DEFLATE
 # Insert filter on selected content types only
 #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
 # Netscape 4.x has some problems...
 #BrowserMatch ^Mozilla/4 gzip-only-text/html
 # Netscape 4.06-4.08 have some more problems
 #BrowserMatch ^Mozilla/4\.0[678] no-gzip
 # MSIE masquerades as Netscape, but it is fine
 #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
 # Don't compress images
 #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
 # Make sure proxies don't deliver the wrong content
 #Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_ssl.c>
############################################
## make HTTPS env vars available for CGI mode
 SSLOptions StdEnvVars
</IfModule>
<IfModule mod_rewrite.c>
############################################
## enable rewrites
 Options +FollowSymLinks
 RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
 #RewriteBase /magento/
############################################
## workaround for HTTP authorization
## in CGI environment
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## always send 404 on missing files in these folders
 RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
 RewriteRule .* index.php [L]
</IfModule>
############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead
 AddDefaultCharset Off
 #AddDefaultCharset UTF-8
<IfModule mod_expires.c>
############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires
 ExpiresDefault "access plus 1 year"
</IfModule>
############################################
## By default allow all access
 Order allow,deny
 Allow from all
############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags
 #FileETag none
asked Dec 14, 2015 at 10:36
2
  • It shouldn't be happening in a default Magento installation, check if you have any such rule in .htaccess file. Commented Dec 14, 2015 at 11:41
  • @Prateek please check edited question. i posted .htaccess code Commented Dec 14, 2015 at 11:43

1 Answer 1

0

Credits : https://stackoverflow.com/questions/13399485/redirect-https-to-http-on-non-secure-magento-pages

app/code/core/Mage/Controller/Varien/Router/Standard.php::_checkShouldBeSecure()

I amended this function (created copy in app/code/local add amended it there) adding in the elseif part

protected function _checkShouldBeSecure($request, $path='')
{
 if (!Mage::isInstalled() || $request->getPost()) {
 return;
 }
 if ($this->_shouldBeSecure($path) && !Mage::app()->getStore()->isCurrentlySecure()) {
 $url = $this->_getCurrentSecureUrl($request);
 Mage::app()->getFrontController()->getResponse()
 ->setRedirect($url)
 ->sendResponse();
 exit;
 } elseif (!$this->_shouldBeSecure($path) && Mage::app()->getStore()->isCurrentlySecure()) {
 $url = $this->_getCurrentUnsecureUrl($request);
 Mage::app()->getFrontController()->getResponse()
 ->setRedirect($url)
 ->sendResponse();
 exit;
 }
}

then added this function

protected function _getCurrentUnsecureUrl($request)
{
 if ($alias = $request->getAlias(Mage_Core_Model_Url_Rewrite::REWRITE_REQUEST_PATH_ALIAS)) {
 return Mage::getBaseUrl('link', false).ltrim($alias, '/');
 }
 return Mage::getBaseUrl('link', false).ltrim($request->getPathInfo(), '/');
}
answered Dec 14, 2015 at 12:08

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.