March 7, 2014

Magento SSL to Non-SSL redirect for SEO

One customer was having issues with certain SSL versions of their pages being crawled by Google. They were receiving duplicate content penalties.

While Magento does a decent job of forcing users onto SSL for the mandatory secure sections of a website (checkout, accounts, etc.), it does not handle the opposite: redirecting the user to the non-SSL version of pages such as CMS pages, product pages and categories. There is very little benefit to having them served via HTTPS, and it increases the load on the server itself.

While we were able to come up with an .htaccess redirect script that attempted to account for every page type that should be redirected, this was far from ideal. The .htaccess file would need to be updated with every plugin and/or upgrade to the Magento platform in the future.

We came across Geoff Jackson’s post, which had a very elegant solution: use Magento’s default routers to determine whether the page should be secure or not. If a plugin adheres to the Magento framework, this solution should always work in the future.

We had to make a few modifications, though, for our SEO team.

First, the default type of redirect that Magento uses to send a user to the non-secure version of a page is a 302. We wanted the redirect to be a permanent 301, so in the “_checkShouldBeSecure” function we changed the non-SSL redirect to use a 301.

    // ...
        ->setRedirect($url, 301)
        ->sendResponse();
    // ...

Second, we found that this broke our SOAP API calls for some reason. All of the API calls were being redirected by our code to the non-SSL version of the page. We are not sure why Magento does not force all SOAP calls through SSL; however, we had to make an exception in our router to ignore “API” calls.

Near the top of our “_checkShouldBeSecure”, we check whether the route name is “api” and, if so, simply return from the check. (So if the request came in over SSL, it stays SSL. If it came in non-SSL, it stays non-SSL.)

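    protected function _checkShouldBeSecure($request, $path = '')
    {
        // Skip the check before installation and for POST requests.
        if (!Mage::isInstalled() || $request->getPost()) {
            return;
        }

        // Leave the API alone: keep whatever scheme the call arrived on.
        if ($request->getRouteName() == "api") {
            return;
        }

        // ... (the secure / non-secure redirect checks continue here)
    }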

This is highly recommended for any new installs of Magento, so that you are indexed by search engines correctly, the first time.
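
The decision flow described above, with both modifications, as a stand-alone model (an added example, not the post's or Magento's own code). The function names, the request array shape, the `$securePrefixes` list and the sample requests are assumptions made for illustration; the HTTP-to-HTTPS branch is assumed to keep a 302.

```php
<?php
// Stand-alone model of the redirect decision; it does not call Magento.
// True when $path falls under one of the (constructed) secure path prefixes.
function shouldBeSecure(string $path, array $securePrefixes): bool
{
    foreach ($securePrefixes as $prefix) {
        if (strpos($path, $prefix) === 0) {
            return true;
        }
    }
    return false;
}

// Returns [status, url] when a redirect is due, or null to serve the request as-is.
function decideRedirect(array $req, array $securePrefixes): ?array
{
    // POST requests are never redirected (most clients would replay a 301/302 as GET).
    if ($req['method'] === 'POST') {
        return null;
    }
    // API exemption from the post: the call keeps the scheme it arrived on.
    if ($req['route'] === 'api') {
        return null;
    }
    $needsSsl = shouldBeSecure($req['path'], $securePrefixes);
    if ($needsSsl && !$req['secure']) {
        return [302, 'https://' . $req['host'] . $req['path']]; // assumed unchanged
    }
    if (!$needsSsl && $req['secure']) {
        return [301, 'http://' . $req['host'] . $req['path']];  // permanent, for SEO
    }
    return null;
}

// Constructed sample requests: [method, route name, arrived over SSL?, path].
$securePrefixes = ['/checkout', '/customer'];
$samples = [
    ['GET',  'catalog',  true,  '/shoes.html'],
    ['GET',  'catalog',  false, '/shoes.html'],
    ['GET',  'checkout', false, '/checkout/onepage'],
    ['POST', 'checkout', true,  '/checkout/onepage'],
    ['GET',  'api',      true,  '/api/soap'],
    ['GET',  'api',      false, '/api/soap'],
];
foreach ($samples as [$method, $route, $secure, $path]) {
    $req = compact('method', 'route', 'secure', 'path') + ['host' => 'shop.example'];
    $d = decideRedirect($req, $securePrefixes);
    printf("%-4s %-5s %-18s => %s\n", $method, $secure ? 'https' : 'http', $path,
        $d ? $d[0] . ' ' . $d[1] : 'no redirect');
}
```

The two API rows show the consequence of the exemption: a SOAP call that arrives over plain HTTP is served over plain HTTP, so requiring SSL for the API has to be enforced somewhere other than this router check.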