Redirecting Secure (HTTPS) Pages to Non Secure (HTTP) in Magento
Whilst Magento offers easy configuration for secure (SSL) pages to be enabled at the front end and back end of your store, it hasn’t catered for the redirection of https versions of your pages to the http versions where necessary (any pages that do not contain personal or sensitive information do not need to be served at secure pages).
As such, this can prove a hindrance when search engines rank your store and can subsequently result in multiple versions of your pages, either on http or https protocols being indexed in the search results. This can hold a multitude of negative knock on effects to the performance of your website in organic search (SEO).
This can be rectified by extending the function _checkShouldBeSecure.
Never directly modify the Magento core, always copy the files you wish to modify and extend to the local pool:-
Navigate to the below path:-
app/code/core/Mage/Core/Controller/Varien/Router/Standard.php
Copying Standard.php to the below path:-
app/code/local/Mage/Core/Controller/Varien/Router/Standard.php
You’re now safe to modify and extend in this file without your changes being overwritten when you upgrade Magento.
In your local copy of Standard.php, find the function _checkShouldBeSecure (around line 427 in Magento 1.7.X)…
protected function _checkShouldBeSecure($request, $path = '')
{
if (!Mage::isInstalled() || $request->getPost()) {
return;
}
if ($this->_shouldBeSecure($path) && !$request->isSecure()) {
$url = $this->_getCurrentSecureUrl($request);
if ($request->getRouteName() != 'adminhtml' && Mage::app()->getUseSessionInUrl()) {
$url = Mage::getSingleton('core/url')->getRedirectUrl($url);
}
Mage::app()->getFrontController()->getResponse()
->setRedirect($url)
->sendResponse();
exit;
}
}
Replace this function with this modified version:-
protected function _checkShouldBeSecure($request, $path='')
{
if (!Mage::isInstalled() || $request->getPost()) {
return;
}
if ($this->_shouldBeSecure($path) && !Mage::app()->getStore()->isCurrentlySecure()) {
$url = $this->_getCurrentSecureUrl($request);
Mage::app()->getFrontController()->getResponse()
->setRedirect($url)
->sendResponse();
exit;
} elseif (!$this->_shouldBeSecure($path) && Mage::app()->getStore()->isCurrentlySecure()) {
$url = $this->_getCurrentUnsecureUrl($request);
Mage::app()->getFrontController()->getResponse()
->setRedirect($url)
->sendResponse();
exit;
}
}
And then add the function _getCurrentUnsecureUrl into Standard.php:-
protected function _getCurrentUnsecureUrl($request)
{
if ($alias = $request->getAlias(Mage_Core_Model_Url_Rewrite::REWRITE_REQUEST_PATH_ALIAS)) {
return Mage::getBaseUrl('link', false).ltrim($alias, '/');
}
return Mage::getBaseUrl('link', false).ltrim($request->getPathInfo(), '/');
}
Then that’s it, clear your Magento cache and test by visiting the homepage, category or product URL by including https in the URL and check it redirects to the http version.
Worked perfectly, thank you!
You’re welcome Jamie.
Amazing article, thank you very much. You helped me deal with a serious problem!
Glad it helped you out Aleksey.
Thanks! Worked Perfectly, just what I needed.
Glad it helped you out Brad.
i have used this process for required url redirection ..everything is working fine and as expected …..but i want to force ssl on the homepage….i.e homepage along with my account, wishlist, checkout will be ssl and other will be non-ssl…..how do i acheive this???
This is excellent thanks. If this is for SEO, you might want to use HTTP 301 instead of HTTP 302. Just pass 301 as a second parameter to the method like this:
Good point Aaron, by default, Magento will redirect as a 302 so implementing your code will ensure the redirect is a 301 and passes weight for SEO objectives.
Base URL is set to HTTPS to enable site wide SSL
If I would like to keep all the URLs HTTPS and only redirect selected cms pages to HTTP, Is it possible ?
I also have htaccess code that redirect all http urls to https urls
Thanks
Hey Pravin,
Thanks for stopping by to leave a comment.
You wouldn’t be able to redirect specific URLs back to http with .htaccess when the site has sitewide https enabled because this would cause a redirect loop.
You can either have sitewide http or https and exclude specific pages by creating a new router or extending the controller.
Taking a look at these might put you in the right direction.
https://magento.stackexchange.com/questions/5553/how-to-redirect-a-specific-cms-page-contact-form-to-https
https://magento.stackexchange.com/questions/96207/exclude-specific-frontend-url-from-https
Hope that helps.
Although, what is the actual need to exclude just some CMS pages from https?