0

I was struggling last few hours tying to find a decent way to remove index.php from a specific url that is being served over https. The reason why I want to remove the index.php is that when a url is served over https it works fine and no issues. However, when any person type at the end of the url index.php, the https can be changed to http so the SSL is useless on that url as encrypted information can't be made in that case.

This is the question I made before to get my SSL work, but that doesn't include the index.php being served over https My question about SSL for specific url

so now I have two options to go with and I don't know how to go with them. The first is to hide index.php for the url that is being served over https. And the 2nd is to made some modification to that code I used in my previous question so that https can be used even if index.php is typed in the url.

any help would be appreciated since I have no clue how to do anything here!!

Thanks

Update: it doesn't seem that the solution I provided works well when Nginx folder protection "auth_basic and auth_basic_user_file" are used.

Improve this question
2
  • 1
    Could you please write an example of the bad URL that gets redirected. Commented Mar 28, 2014 at 18:32
  • ok, if I write for example, www.mydomain.com/securearea/ ---> it will be like this: https : //www.mydomain.com/securearea/ which is great. however, when I add index.php to the url at the end, I can manually remove https with http so the url is not secure anymore like this: http ://www.mydomain.com/securearea/index.php Commented Mar 28, 2014 at 18:47

1 Answer 1

Reset to default
1

surprisingly I found one solution out of the options I was after. I got the 2nd option to work, not the first one since I had a lot of struggle to force hiding / removing index.php

All I had to do is to force SSL to server https for index.php, and the changes were simple.

The original code was:

server {
  listen 80;
  server_name example.com;
  # normal http settings
  location /secure_area/ {
    return 301 https://$http_host$request_uri$is_args$query_string;
  }
}

And the changes I got is this:

server {
  listen 80;
  server_name example.com;
  # normal http settings
  location ~* ^/secure_area/ {
    return 301 https://$http_host$request_uri$is_args$query_string;
  }
}

so the change was from location / to location ~* ^/

I hope it is going to be useful for anyone run into this issue.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

I'd say this is a good answer, though keep in mind that ~* is case insensitive , meaning /SeCuRe_ArEa/ would match too, you can remove it if you don't want that, or use ^~ /secure_area/ instead
Thanks @MohammadAbuShady. I will try that and see if things work. I'm just concerned if auth_basic and auth_basic_user_file module protection would work or not!!
I just tried that ^~ /secure_area/, but the file get downloaded whenever I enter it on the browser. I tried on both Chrome and FF... any idea?
what is your php location ? location ?
ok this is weird, I don't know why it's not working, but nvm, just use your answer, it's just as good.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.