I'd like to ensure that certain URLs on my site are always accessed via HTTPS while all other URLs are accessed via HTTP.
I can get either case working in my .htaccess file, however if I enable both, then I get infinite redirects.
My .htaccess file is:
<IfModule mod_expires.c>
# turn off the module for this directory
ExpiresActive off
</IfModule>
Options +FollowSymLinks
AddHandler application/x-httpd-php .csv
RewriteEngine On
RewriteRule ^/?registration(.*)$ /register$1 [R=301,L]
# Force SSL for certain URL's
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (login|register|account)
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Force non-SSL for certain URL's
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(login|register|account)
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Force files ending in X to use same protocol as initial request
RewriteRule \.(gif|jpg|jpeg|jpe|png|ico|css|js)$ - [S=1]
# Use index.php as the controller
RewriteCond %{REQUEST_URI} !\.(exe|css|js|jpe?g|gif|png|pdf|doc|txt|rtf|xls|swf|htc|ico)$ [NC]
RewriteCond %{REQUEST_URI} !^(/js.*)$
RewriteRule ^(.*)$ index.php [NC,L]
Does anyone have any suggestions on how I can force the login, register and account pages to be https while forcing every other page to not be?