Forcing SSL via HTaccess

Question

Here are some questions I have about SSL.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} somefolder 
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]

1. Above is code to force everything to go to SSL via HTAccess. Is there a way I can restrict this code to a specific IP Address. I want to force SSL for just my IP address so that I can test the site thoroughly using the new SSL links, and see (make sure) everything is working before taking it live to the live site. Testing with just my IP would be a lot easier.

2. Is SSL going to interfere with any get/posts? Meaning...if I use that code above, and someone is on a page..and they submit a form, it's going to force them into SSL, is that going to be considered a redirect and clear out any post/get variables? I just want to try to find out ahead of time if it's going to mess up anything I have running.

3. Have any of you had any situations where you forced SSL then had a lot of issues with the site not working right?

Answer 1

If you want to make sure your site works well with HTTPS, turn off plain HTTP (assuming it's for whole server), or use Apache Httpd directives (in .htaccess or in the main configuration) that make the pages that need to be served over HTTPS return an error (e.g. 404) when they're accessed over plain HTTP. You could achieve this for a specific IP address by using Deny from xxxxxxx.

Don't rely on mod_rewrite or similar to redirect plain HTTP requests to their HTTPS equivalent. This will at best hide problems and cause a false sense of security.

The reason for this is that, even with a redirect, the initial requests are made in clear before being redirected: make sure all the references use https:// URIs before making use of them. You can find more details in this answer.

Answer 2

Navigate to: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#relative

How can I switch between HTTP and HTTPS in relative hyperlinks?