ansaurus

Question

Force HTTPS on certain URLs and force HTTP for all others

Answer 1

A:

Just invert the conditions:

RewriteCond %{HTTPS} =on
RewriteRule !^my http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

Gumbo 2010-07-22 08:35:08

Hi ya, thanks for the speedy reply. I tried that but I wasn't sure where to place it in the flow of my existing rules, any pointers? If I place it above the existing 'Force HTTPS' rule it prevents the 'Force HTTPS' from working and also prevents the final rule which rewrites index.php from executing. :?

Nathan Pitman 2010-07-22 08:44:03

@Nathan Pitman: No, since they have different matching conditions they should not interact.

Gumbo 2010-07-22 08:56:22

ok, I tried what you suggested (see the update to my original post) but this didn't work. I can see that it 'should' but I think I perhaps have the rules in the wrong order or certain rules are causing the rewrite to terminate before other conditions and rules can be evaluated... :/

Nathan Pitman 2010-07-22 09:29:14

@Nathan Pitman: Or you didn't mention that you're defining the rules in `httpd.conf` (or similar) and everyone assumed it was in `.htaccess`, in which case you need to make sure all the test patterns match `^/`, e.g. `^/my` (I might be wrong though, it was just a thought)

Tim Stone 2010-07-22 16:22:50

Hi Tim, yea this is being defined in .htaccess

Nathan Pitman 2010-07-22 20:11:41

Answer 2

A:

This is something that works from an old client website and could be adaptable for your purposes:

#If https off and in the cart dir
RewriteCond %{HTTPS} =off [NC]
RewriteCond %{REQUEST_URI} ^/cart/(.*) [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/cart/%1 [R=301,L]

#If https on and not in cart dir    
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/cart [NC]
#Above line actually used to read RewriteCond %{REQUEST_URI} !^/cart|media|images|thumbs|css|js [NC]
#to allow js/css/images to be served so there were no mixed ssl messages popping up to visitors
RewriteCond %{REQUEST_FILENAME} !index\.php$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]

Replacing cart with my perhaps

connrs 2010-07-22 12:21:20

Answer 3

A:

Give the following a try, should work for you:

RewriteEngine On

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/my
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/my
RewriteRule ^(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

2010-07-22 12:55:04

Answer 4

A:

Ah, of course. The problem lies in the fact that your rewrite ruleset will be reprocessed after it is transformed to index.php following the initial redirect. Using what you currently have, you need to additionally condition the redirections to make sure they don't get applied after the rewrite to /index.php/my.

Something like the following should do:

RewriteEngine On
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]

# Force HTTPS for /my
RewriteCond %{HTTPS} !=on
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/my [NC]
RewriteRule ^(my) https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

# Force HTTP for anything which isn't /my
RewriteCond %{HTTPS} =on
RewriteCond %{THE_REQUEST} !^[A-Z]+\s/my [NC]
RewriteRule !^my http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

# Remove index.php from URLs
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1

Tim Stone 2010-07-22 21:26:34

ansaurus

tags:

views:

answers:

Force HTTPS on certain URLs and force HTTP for all others

related questions