views:

33

answers:

1

I have a site which uses ssl when accessing a subdomain which essentially is hosting the actual app, whereas the front end site is present at www, which I don't want to use ssl. So this would allow:

http://www.domain.com

but if somebody types:

http://secure.domain.com

they get forced to:

https://secure.domain.com

which when using this subdomain doesn't allow any non-ssl traffic.

Currently I have this in my .htaccess file:

RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]

RewriteCond "%{HTTP_HOST}" !^www.* [NC]
RewriteCond "%{HTTP_HOST}" ^([^\.]+).*$
RewriteRule ^(.*)$ https://secure.domain.com/a/login/%1 [R=301,L]

This works fine, but if I then edit the URI to remove the s from https it still loads the page but without ssl.

If I add:

SSLOptions +StrictRequire
SSLRequireSSL

to the top of the .htaccess file then it always forces the traffic to ssl, but that is for all subdomains including www.

Is there a way to catch only the non-www traffic and force that to use ssl?

EDIT:

To clarify:

For example, if you are at:

https://secure.domain.com/a/login/test 

and the edit the URI to be

http://secure.domain.com/a/login/test 

then it still loads the page but not using ssl. But if I use

SSLRequireSSL 

then it forces the requirement for the entire site, and I don't want to use ssl at

http://www.domain.com
A: 

SOLVED

After a bit of tweaking I have now solved this issue. What I did was edit the .htaccess file that was in the subdirectory where the application is: https://secure.domain.com/a/login/test and set it to detect if ssl was being used or not (I should add the rest of the .htaccess file is for the benefit of CodeIgniter):

RewriteEngine on

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{HTTPS} on
RewriteCond $1 !^(index\.php|images|includes|css|js|robots\.txt|favicon\.ico)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
Ira Rainey