RewriteRule with certain exceptions for https

         

david_bru

12:50 pm on May 10, 2010 (gmt 0)

10+ Year Member



Hello hello,

I'm right now trying to modify my .htaccess-file to fit my needs.

Situation: current .htaccess redirects all page-requests with a 301-redirect to http://www.example.com/*

current .htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^mydomain.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]


I now just ordered an SSL certificate. Unfortunately the certificate is only valid for http://example.com

So now I have to define an exception in my .htaccess for 2 certain URLs:
[example.com...]
[example.com...]

Only question I now have is, how to realise this.
Any ideas? Or suggestions?

Thanks in advance
Cheers
David

[edited by: jdMorgan at 6:05 pm (utc) on May 10, 2010]
[edit reason] example.com [/edit]

jdMorgan

6:03 pm on May 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Something like the following will handle most hostname canonicalization issues while keeping you out of trouble with "Mixed secure/non-secure content" warnings.

RewriteEngine on
#
# Externally redirect all HTTP requests for SSL pages to HTTPS
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^((booking|extranet)/.*)$ https://example.com/$1 [R=301,L]
#
# Externally redirect all HTTPS requests for non-SSL pages to HTTP, except for
# objects (e.g. images, css, JS files) shared between SSL and non-SSL pages.
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !^(booking|extranet)/
RewriteCond $1 !\.(gif|jpe?g|css|js)$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
#
# Externally redirect all non-blank non-canonical hostname requests to
# the canonical hostname, preserving requested HTTP/HTTPS protocol
# (Handles object requests not already redirected above)
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC]
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^(.*)$ http%2://www.example.com/$1 [R=301,L]

[added] Also, to allow additional subdomains in the future, consider signing up for a wild-card certificate covering all possible subdomains if it's not already too late. [/added]

Jim

david_bru

7:01 pm on May 10, 2010 (gmt 0)

10+ Year Member



Hi jdMorgan,

thanks for your long reply.
Since the SEO of the site says that subdomains are an absolute no-go, a wild-card certificate is not of interest.

I tried it now with a test site but it still adds a "www" to the https url and therefore still outputs the "connection not trusted" error.

any ideas why it still adds the www for the https exceptions?

additionally the 301 redirect is not working with your htaccess code anymore.. e.g. if you type in http:// mydomain.com/sitemap it should redirect you with 301 to http:// www.mydomain.com/sitemap

am I missing something?

[update]Turns out i placed your code snippet entirely instead of my rewrite code. if i paste my last 2 lines after your code, the 301 redirect from http:// mydomain.com to http:// www.mydomain.com is working again.

so one of my two questions is solved. But I would still need help with the https question..[/update]

cheers and thanks again,
david

jdMorgan

1:37 am on May 11, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, on review you should use only the first two rules I posted, and delete the third.

Wild-card cert: You *are* using a subdomain -- www is a subdomain of the example.com domain.

Frankly, if you're going to use non-www for HTTPS, then you might as well use it for HTTP as well.

Consistency is good because it eliminates many potential errors and will allow you more freedom in linking within your site (i.e. with this current plan, all links to objects shared between HTTP and HTTPS will either have to be server-relative or page-relative; if you want to use an absolute link, then you will have to use scripting to determine if the linking page is SSL or not, and so whether to use https or http in that link).

Consider standardizing on non-www for all URLs to avoid a very long-term big headache/disaster.

Jim

david_bru

6:29 am on May 11, 2010 (gmt 0)

10+ Year Member



Oh, yes of course you are right concerning that www is already a subdomain.
And you're also right concerning the consistency.

I just called the certification company and asked to change the certificate to www to avoid any troubles like you mentioned.
Hopefully it will be possible and they are speeding up the process.

I also tried only your first two rules, but still i get the "error while redirection"-page. Hopefully it will solve itself with adding the www to the https.

Thanks again
David

g1smd

7:08 am on May 11, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



No, you want one which covers <anything>.example.com here.

jdMorgan

1:15 pm on May 11, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



OK, assuming that you get the cert upgraded to allow the use of SSL on the "www" subdomain, you'd want to use a slightly-modified version of my original post:

RewriteEngine on
#
# Externally redirect all HTTP requests for SSL pages to HTTPS
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^((booking|extranet)/.*)$ https://www.example.com/$1 [R=301,L]
#
# Externally redirect all HTTPS requests for non-SSL pages to HTTP, except for
# objects (e.g. images, css, JS files) shared between SSL and non-SSL pages.
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !^(booking|extranet)/
RewriteCond $1 !\.(gif|jpe?g|css|js)$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
#
# Externally redirect all non-blank non-canonical hostname requests to
# the canonical hostname, preserving requested HTTP/HTTPS protocol
# (Handles object requests not already redirected above)
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC]
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^(.*)$ http%2://www.example.com/$1 [R=301,L]

I suppose that if you wanted to, you could test this code now, but with all of the "www."s and "www\."s temporarily removed... temporarily forcing everything to non-www.

By preceding all three rules with something like

RewriteCond %{REMOTE_ADDR} !=12.34.56.78
RewriteRule ^ - [S=3]

where "12.34.56.78" is your own IP address, you could skip these rules entirely for any requests not from your own IP address, thus minimizing the risk of confusing the search engines while testing.

---

Re: The current test code:

As long as you modified it correctly (by deleting the third rule), there's no reason you should still be seeing a redirection loop with the current two-rule code. Delete your browser cache and test again.

You should delete your browser cache before testing any new server-side code or "settings" --whether in a config file, .htaccess, a script, or a control panel setting-- in order to avoid seeing stale responses and content served from your browser cache. If content and responses are served from cache, then no request is sent to your server, and no changes to server-side code can have any effect.

If you still see a loop, then you've got some other code (or control panel setting) in some other location that is invoking a redirect that is countermanding one of the two that are in your current file.

Jim

[edit] Corrected as noted below. [/edit]

[edited by: jdMorgan at 4:40 pm (utc) on May 18, 2010]

david_bru

4:42 pm on May 11, 2010 (gmt 0)

10+ Year Member



Thanks for all the replies.
I already ordered the new certificate and as soon as it is implemented I will try your code Jim.

Why not order a certificate which covers <anything>.example.com? This is for my boss simply a money reason. Because the website is a new one so he tries to keep the costs as low as possible at the beginning.

Thanks again
Cheers
David

g1smd

6:27 pm on May 11, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> keep the costs as low as possible at the beginning

Saving dozens of pounds now with the certainty of spending hundreds or thousands later might be seen as folly. Be careful how much you cut projects back in their early days.

david_bru

4:10 pm on May 17, 2010 (gmt 0)

10+ Year Member



EDIT start
I got the certificate changed to www.
So the certificated domain is now: https://www.example.com
EDIT end


My current code looks like this:
RewriteEngine on

# COND1: Externally redirect all HTTP requests for SSL pages to HTTPS
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^((ssltest1|ssltest2)/.*)$ https://example.com/$1 [R=301,L]

# COND2: Externally redirect all HTTPS requests for non-SSL pages to HTTP, except for
# objects (e.g. images, css, JS files) shared between SSL and non-SSL pages.
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !^(ssltest1|ssltest2)/
RewriteCond $1 !\.(gif|jpe?g|css|js)$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

# COND3: Externally redirect all non-blank non-canonical hostname requests to
# the canonical hostname, preserving requested HTTP/HTTPS protocol
# (Handles object requests not already redirected above)
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC]
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^(.*)$ http%2://www.example.com/$1 [R=301,L]


# COND4: REWRITES ALL http://example.com/ to http://www.example.com/
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]




Again what I want to accomplish is the following:
1. http://example.com/subdirectory should be rewritten to http://www.example.com/subdirectory
2. if one opens /ssltest1 or /ssltest2: http:// should be rewritten to https://- also the first rule (add www should apply)
3. it should automatically add https to all the img, css, js-tags


Problems I have with the current code:
- if I open http://www.example.com/ssltest1 it does not add https://
- if I open https://www.example.com/ssltest1 it rewrites the URL to http://www.example.com/ssltest1 (if I open https://www.example.com/flugbuchung/ it redirects correct to the [version)...]
- it also does not add the desired https:// to img, css, js like it should according to the code (but this is of course due to the fact that i can't access a https://page)


I tried it without COND3 and without COND4 and always cleared my cache but it seems to have no effect.

Any ideas what I'm missing?
Thanks in advance
Cheers
David

PS: Again I replaced all the links so that one could view them somewhat properly.

[edit] Corrected as noted below. [/edit]

[edited by: jdMorgan at 4:42 pm (utc) on May 18, 2010]
[edit reason] Please use example.com only. [/edit]

jdMorgan

1:41 am on May 18, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The first rule above is missing "www" in the substitution address.

The last rule above is wrong, unnecessary, and destroys what the previous rules are meant to do.

Jim

david_bru

9:35 am on May 18, 2010 (gmt 0)

10+ Year Member



hello jim,

sorry for posting the plain url. it was not meant to be an advertising.

i removed the fourth condition and added the www in the first one. so my code looks now like this:

RewriteEngine on

# COND1: Externally redirect all HTTP requests for SSL pages to HTTPS
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^((ssltest1|ssltest2)/.*)$ https://www.my-example.de/$1 [R=301,L]

# COND2: Externally redirect all HTTPS requests for non-SSL pages to HTTP, except for
# objects (e.g. images, css, JS files) shared between SSL and non-SSL pages.
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !^(ssltest1|ssltest2)/
RewriteCond $1 !\.(gif|jpe?g|css|js)$
RewriteRule ^(.*)$ http://www.my-example.de/$1 [R=301,L]

# COND3: Externally redirect all non-blank non-canonical hostname requests to
# the canonical hostname, preserving requested HTTP/HTTPS protocol
# (Handles object requests not already redirected above)
RewriteCond %{HTTP_HOST} !^(www\.my-example\.de)?$ [NC]
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^(.*)$ http%2://www.my-example.de/$1 [R=301,L]


there are a couple of other standard typo3 rules after the first 3 conditions. should i also post them?


unfortunately i'm still having troubles:

problem 1: if i open http:// www.my-example.de/ssltest1 it does not redirect to https://
problem 2: if i open https:// www.my-example.de/ssltest1 it redirects to http://
problem 3: if i open http:// www.my-example.de/ssltest1/ it redirects to http:// www.my-example.de/index.php
problem 4: if i open http:// my-example.de/xyz it does not redirect to http:// www.my-example.de/xyz

any ideas what i'm still doing wrong?
or is it maybe even a better idea to hire and pay a person who helps me with my problems?

cheers and again thanks in advance
david

[edited by: jdMorgan at 4:43 pm (utc) on May 18, 2010]
[edit reason] Corrected as noted below. [/edit]

jdMorgan

4:37 pm on May 18, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> problem 1: if i open http:// www.my-example.de/ssltest1 it does not redirect to https://
> problem 2: if i open https:// www.my-example.de/ssltest1 it redirects to http://
Missing trailing slash on this requested URL. The patterns in the first two rules require the trailing slash. Add the slash to your test requests, or change the patterns as required.

> problem 3: if i open http:// www.my-example.de/ssltest1/ it redirects to http:// www.my-example.de/index.php
This indicates that you have additional rules or directives not shown here which are interfering with your code.

An internal rewrite is being invoked prior to an external redirect, "exposing" your internal index.php filepath to the client as a URL. This could be because of a rule in this .htaccess file, or a rule in a higher-level .htaccess or server config file.

> problem 4: if i open http://example.de/xyz it does not redirect to http://www.example.de/xyz
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+s)$
should be
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$

This was my error. I have corrected it in the posts above to prevent other people copying bad code.

Please use example.com or example.cc domains only. This will prevent most auto-linking, and prevent this thread from out-ranking your own site for domain-name searches. Threads here are crawled about every 15 minutes, so by the time I edit a thread to remove domain names, it is usually too late.

Jim
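
The three rules discussed in this thread, modelled in Python as an added example (not code posted by any participant), so that the trailing-slash and ">s" failures can be reproduced offline. The function names, the LOOSE pattern and the sample URLs are assumptions made for the illustration; one prefix test stands in for both the rule 1 pattern and the rule 2 condition, and any other rules in the real .htaccess (such as the TYPO3 rewrites) are not modelled.

```python
import re

CANON = "www.example.com"                       # canonical host from the thread
SHARED = re.compile(r"\.(gif|jpe?g|css|js)$")   # objects shared by both protocols
STRICT = r"^(ssltest1|ssltest2)/"               # thread's pattern: slash required
LOOSE = r"^(ssltest1|ssltest2)(/|$)"            # assumed variant: slash optional
BUGGY_PORT = r"^(443>(s)|[0-9]+s)$"             # condition as first posted
FIXED_PORT = r"^(443>(s)|[0-9]+>s)$"            # condition after the correction


def redirect(scheme, host, path, ssl_pat, port_pat):
    """Return the 301 target for one request, or None if no rule fires.

    path has no leading slash, which is how a per-directory .htaccess
    RewriteRule sees it.
    """
    port = "443" if scheme == "https" else "80"
    is_ssl_page = re.search(ssl_pat, path) is not None
    # Rule 1: HTTP request for an SSL page -> HTTPS.
    if port != "443" and is_ssl_page:
        return f"https://{CANON}/{path}"
    # Rule 2: HTTPS request for a non-SSL, non-shared URL -> HTTP.
    if port == "443" and not is_ssl_page and not SHARED.search(path):
        return f"http://{CANON}/{path}"
    # Rule 3: non-blank, non-canonical host -> canonical host, same protocol.
    # The condition is tested against "<port>>s"; %2 is the inner (s) group,
    # which is set only when the port is 443.
    if not re.fullmatch(r"(www\.example\.com)?", host, re.I):
        m = re.search(port_pat, f"{port}>s")
        if m:
            return f"http{m.group(2) or ''}://{CANON}/{path}"
    return None


def trace(url, ssl_pat=STRICT, port_pat=FIXED_PORT, max_hops=5):
    """Follow redirects from url and return every URL visited, in order."""
    visited = [url]
    for _ in range(max_hops):
        scheme, rest = url.split("://", 1)
        host, _sep, path = rest.partition("/")
        url = redirect(scheme, host, path, ssl_pat, port_pat)
        if url is None or url in visited:
            break
        visited.append(url)
    return visited


if __name__ == "__main__":
    for start in ("http://www.example.com/ssltest1",
                  "https://www.example.com/ssltest1",
                  "http://example.com/xyz"):
        print(" -> ".join(trace(start)))
```

Running a table of such URLs through trace before deploying shows whether any path meant for SSL can stay on, or be redirected back to, plain HTTP.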