I am trying to be more selective in which pages/requests are using SSL for performance reasons. I would like to use htaccess to redirect to https:// for only the required pages and redirect back to http:// for everything else. This is what I have:
RewriteEngine On
# force https
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)/(abc|xyz)(.*)$ https://%{HTTP_HOST}/$1/$2 [R=301,NC,L]
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_REFERER} !^https(.*)/(abc|xyz)(.*)$ [NC]
RewriteCond %{REQUEST_URI} !^(.*)/(abc|xyz)(.*)$ [NC]
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ initialize.php [QSA,L]
the secure requests are ment to be abc or xyz. The problem is that if http:// example.com/abc is requested it is redirecting to http:// example.com/initialize.php. a non-secure page works as expected.