Webmaster Forums - Webmaster forum for HTML, PHP, ASP, CSS and more - View Single Post - Newbie question

RTrev · 02-16-2007, 02:47 PM

Hello, I'm new, this is my first post here, and if this isn't the correct spot for it my apologies in advance.

I have a 1&1 account where I'm learning about web site development, trying to learn Apache, PHP, MySQL, and all the other goodies.

One thing I've Googled for and found a zillion different answers for, none of which seem to work for me, is how to force the use of SSL for a given sub-directory.

I've played with my .htaccess in that directory, and the tag SSLRequireSSL does prevent anyone from connecting without SSL, but it leaves them with a 500 page instead of just re-writing their request to specifiy https.

Is there a good way to do this? As I said, I've seen dozens of ways described, and always with a handful of people saying "Hey, thanks, that works great" but none of these have worked with my 1&1 account.

As a related note, I'm finding that 1&1 seems to use old software, and perhaps that's my problem. Their OpenSSL is from over 5 years ago, and I gather their Apache and PHP aren't exactly up-to-date either.

Perhaps it's best to just leave it as I have it, because the server then doesn't have the extra load of redirection.

Any thoughts appreciated!

Thanks,
Bob

02-16-2007, 02:47 PM	#1 (permalink)
RTrev Junior Member Join Date: Feb 2007 Location: Williamson, NY (near Rochester) Posts: 6	Newbie question - forcing use of SSL Hello, I'm new, this is my first post here, and if this isn't the correct spot for it my apologies in advance. I have a 1&1 account where I'm learning about web site development, trying to learn Apache, PHP, MySQL, and all the other goodies. One thing I've Googled for and found a zillion different answers for, none of which seem to work for me, is how to force the use of SSL for a given sub-directory. I've played with my .htaccess in that directory, and the tag SSLRequireSSL does prevent anyone from connecting without SSL, but it leaves them with a 500 page instead of just re-writing their request to specifiy https. Is there a good way to do this? As I said, I've seen dozens of ways described, and always with a handful of people saying "Hey, thanks, that works great" but none of these have worked with my 1&1 account. As a related note, I'm finding that 1&1 seems to use old software, and perhaps that's my problem. Their OpenSSL is from over 5 years ago, and I gather their Apache and PHP aren't exactly up-to-date either. Perhaps it's best to just leave it as I have it, because the server then doesn't have the extra load of redirection. Any thoughts appreciated! Thanks, Bob