I have a site which uses ssl when accessing a subdomain which essentially is hosting the actual app, whereas the front end site is present at www, which I don't want to use ssl. So this would allow:
http://www.domain.com
but if somebody types:
http://secure.domain.com
they get forced to:
https://secure.domain.com
which when using this subdomain doesn't allow any non-ssl traffic.
Currently I have this in my .htaccess file:
RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]
RewriteCond "%{HTTP_HOST}" !^www.* [NC]
RewriteCond "%{HTTP_HOST}" ^([^\.]+).*$
RewriteRule ^(.*)$ https://secure.domain.com/a/login/%1 [R=301,L]
This works fine, but if I then edit the URI to remove the s from https it still loads the page but without ssl.
If I add:
SSLOptions +StrictRequire
SSLRequireSSL
to the top of the .htaccess file then it always forces the traffic to ssl, but that is for all subdomains including www.
Is there a way to catch only the non-www traffic and force that to use ssl?
EDIT:
To clarify:
For example, if you are at:
https://secure.domain.com/a/login/test
and the edit the URI to be
http://secure.domain.com/a/login/test
then it still loads the page but not using ssl. But if I use
SSLRequireSSL
then it forces the requirement for the entire site, and I don't want to use ssl at
http://www.domain.com