There are dozens of errors in that code, so I don't even know where to start describing them. The order of the rules is also wrong, and will result in unintended (and potentially bad consequences. I strongly suggest replacing it with the following code after looking up each line in the Apache mod_rewrite documentation, using the Regular Expressions tutorial cited in our Apache Forum Charter [webmasterworld.com] to analyze regex patterns as needed, and figuring out exactly what every line does.

Please do not copy code onto your server if you do not understand precisely what it does. Doing so can result in seemingly-tiny errors that can easily destroy your search engine ranking. This is server configuration code and can have a huge effect on the operation of your server. Do not simply copy and paste code, even from here.

Options +FollowSymLinks
RewriteEngine on
#
# Redirect all https requests to http except for contact pages
RewriteCond %{HTTPS} =on
RewriteCond $1 !^(Contacto¦En/Contact)\.html$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
#
# Redirect contact pages to https if requested via http
RewriteCond %{HTTPS} !=on
RewriteRule ^(Contacto¦En/Contact)\.html$ https://www.example.com/$1 [NC,R=301,L]
#
# Redirect requests for /EN, /En or /en subdirectory to /En subdirectory (fix casing errors)
RewriteCond $1 !^En
RewriteRule ^(EN)(.*)$ http://www.example.com/En$2 [NC,R=301,L]
#
# Redirect non-canonical hostname requests to canonical domain
RewriteCond %{HTTP_HOST} !=www.example.com
RewriteCond %{HTTPS}>s ^(on>(s)¦[^>]+>s)$
RewriteRule ^(.*)$ http%2://www.example.com/$1 [R=301,L]
#
# Internally rewrite SSL requests for /robots.txt to special /robots_ssl.txt file
RewriteCond %{HTTPS} =on
RewriteRule ^robots\.txt$ robots_ssl.txt [L]

Important: Replace all broken pipe "¦" characters above with solid pipe characters before use; Posting on this forum modifies the pipe characters.

Note: If this method of SSL detection (using the %{HTTPS} variable) does not work on your particular server, try replacing "RewriteCond %{HTTPS} =on" with "RewriteCond %{SERVER_PORT} =443", replace "RewriteCond %{HTTPS} !=on" with "RewriteCond %{SERVER_PORT} !=443", and replace "RewriteCond %{HTTPS}>s ^(on>(s)¦[^>]+>s)$" with "RewriteCond %{SERVER_PORT}>s ^(443>(s)¦[^>]+>s)$".

Jim

Jim,

Thank you so much for your reply. I undestood very clearly your comments.

Unfortunately, I never work with Linux, so its too difficult for me.

In order to your reply, I would like to comment you my site is a linux share hosting on Godaddy.

I don´t know why HTTPS on did not funcion with your recomendation, because if you do a redirect from Godaddy Hosting Manager it uses HTTPS on.

Due you recomendation, I changed HTTPS on for SERVER_PORT 443.

Despite a lot of errors you mentioned in my htaccess file, I have the same problem with my old and bad htaccess file.

If I use HTTPS on when I try to go to contact files the IE does not respond, when I changed to SERVER_PORT 443 I redirected to HTTPS pages well, but IE shows the page with non secure elements. This did not happens if I dont use this type of redirection, or I delete all htaccess file.

Its important to mention, that for example from my default html page I have a link to go Contact pages with https.

So perhaps I am having one direction from my home pages and one redirect from htaccess.

The doubt is why if I don´t use htaccess I have no problem to show contact pages as https, and IE as well as Firefox shows lock without problem.

Thank you so much for your very detailed response and your advise. And I´ll hope you can help me again to solution this last issue.

I don´t know why HTTPS on did not funcion with your recomendation

Because you are hosted on the legacy version apache httpd 1.3.x in that case.

but IE shows the page with non secure elements.

You may get such a warning if you're redirecting resources (such as images, css etc.) from https back to http or they're referenced with the scheme, like src="http://...".

No images are the problem. I have an emergent menu and IE shows an error:

Detalles de error de página web

Agente de usuario: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Fecha: Mon, 27 Jul 2009 19:48:58 UTC

Mensaje: 'Menu' is undefined
Línea: 75
Carácter: 9
Código: 0
URI: [example.com...]

Another error comes from a variable of goolge analytics,

<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-#*$!718-1");
pageTracker._initData();
pageTracker._trackPageview();
</script>

Once thing more, please note if I delete htaccess file or I don´t use the redirect to contact pages I have not this problem. I can access my secure pages and any security errors appears.

Could you help me Jim?

Thanks

---

System: The following message was spliced on to this thread from: http://www.webmasterworld.com/apache/3960658.htm [webmasterworld.com] by jdmorgan - 7:57 pm on July 27, 2009 (CT -5)

---

Jim,

Today you help me with my htaccess file, you suggested this code and its ok.

Options +FollowSymLinks
RewriteEngine on
#
# Redirect all https requests to http except for contact pages
RewriteCond %{HTTPS} =on
RewriteCond $1 !^(Contacto¦En/Contact)\.html$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
#
# Redirect contact pages to https if requested via http
RewriteCond %{HTTPS} !=on
RewriteRule ^(Contacto¦En/Contact)\.html$ [example.com...] [NC,R=301,L]
#
# Redirect requests for /EN, /En or /en subdirectory to /En subdirectory (fix casing errors)
RewriteCond $1 !^En
RewriteRule ^(EN)(.*)$ http://www.example.com/En$2 [NC,R=301,L]
#
# Redirect non-canonical hostname requests to canonical domain
RewriteCond %{HTTP_HOST} !=www.example.com
RewriteCond %{HTTPS}>s ^(on>(s)¦[^>]+>s)$
RewriteRule ^(.*)$ http%2://www.example.com/$1 [R=301,L]
#
# Internally rewrite SSL requests for /robots.txt to special /robots_ssl.txt file
RewriteCond %{HTTPS} =on
RewriteRule ^robots\.txt$ robots_ssl.txt [L]

Important: Replace all broken pipe "¦" characters above with solid pipe characters before use; Posting on this forum modifies the pipe characters.

Note: If this method of SSL detection (using the %{HTTPS} variable) does not work on your particular server, try replacing "RewriteCond %{HTTPS} =on" with "RewriteCond %{SERVER_PORT} =443", replace "RewriteCond %{HTTPS} !=on" with "RewriteCond %{SERVER_PORT} !=443", and replace "RewriteCond %{HTTPS}>s ^(on>(s)¦[^>]+>s)$" with "RewriteCond %{SERVER_PORT}>s ^(443>(s)¦[^>]+>s)$".

THE PROBLEM

All redirects are ok. But I have discovered a new problem so IE or Firefox does not show Lock security.

This problem comes from my mm_menu.js, Image directories, favicon.ico, and other files wich are using on contact pages which does not redirect with the html pages (Contacto.html and En/Contact.html). On the other hand if I try to call src trough https is not possible because the redirects moved all https content to http.

My question, due my ignorance would be how to redirect with contact pages this files to SSL pages so it will display all secure on the exploder, and viceversa because if I redirect these, its fine to https pages but I am lossing to HTTP pages the files and directories redirected.

I´ll appreciatte so much if you comment me in your example how I can do it.

Thank you in advance Jim.

Daniel

The simple answer is that you need a "list" of the URLs of *all* shared directories and/or objects, and that list must be excluded from the redirection. Those objects will then appear in both the http and https URL-spaces, and so will not trigger security warnings.

For example,

 RewriteCond $1 !^(Contacto¦En/Contact)\.html$ [NC]

becomes

 RewriteCond $1 !^(Contacto\.html¦En/Contact\.html¦mm_menu\.js¦favicon\.ico¦images/) [NC] 

Jim

Thank you so much Jim. All its ok.