views:

1334

answers:

2

So, I got ZF MVC site and want to force SSL connection on everything under my /checkout/ I tried using mod_rewrite for that, so my .htaccess would look like this:

RewriteEngine on
RewriteRule (\/checkout.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R] 
RewriteRule !\.(js|ico|gif|jpg|png|css|swf|xml|avi|flv|mov|mp3|wav)$ index.php [L]

Sure enough, it does kick in SSL, but second rule, that's ZF specific and redirects everything to index.php sorta erases the protocol specification.

Unfortunately my level of proficiency with mod_rewrite is stupendously terrible. Maybe someone could help me out to solve this?

+1  A: 

This may help you, add the RewriteCond to only apply when the connection is not SSL, then add the 'L' option to your redirect rule so rewrite processing stops at that point (so the last rule doesn't override the SSL redirect).

RewriteCond %{HTTPS} !on
RewriteRule (\/checkout.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [RL] 

RewriteRule !\.(js|ico|gif|jpg|png|css|swf|xml|avi|flv|mov|mp3|wav)$ index.php [L]
Tim Lytle
+2  A: 

Tim Lytle's answer is mostly there.

I'd change it be a little more strict in checking HTTPS and the flags need a delimiter.

RewriteCond %{HTTPS} !^on$
RewriteRule ^/checkout/? https://%{HTTP_HOST}%{REQUEST_URI} [R,L] 

RewriteRule !\.(js|ico|gif|jpg|png|css|swf|xml|avi|flv|mov|mp3|wav)$ index.php [L]
Chris