1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:27 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

.htaccess switching between https and http

WP e-Commerce store issue

         

ablears

1:39 am on Jan 21, 2011 (gmt 0)

10+ Year Member



Hello

I have an ecommerce store running Wordpress + WP e-Commerce. The checkout page correctly switches to HTTPS, but then all pages afterwards are also HTTPS. I can't get the switch back to HTTP working. I've tried removing the supercache rules but that didn't solve it.

I've tried using the .htaccess code here without success:
[webmasterworld.com...]

I've also tried simpler versions. Here's what I have: 

#SSL
RewriteEngine On
#redirect all https traffic to http, unless it is pointed at /products-page/checkout
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/products-page/checkout/?.*$
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R=301,L]


#redirect all http traffic to https, if it is pointed at /products-page/checkout
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/products-page/checkout/?.*$
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]


# BEGIN WPSuperCache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
AddDefaultCharset UTF-8
RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
RewriteCond %{HTTP_user_agent} !^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-).* [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html.gz -f
RewriteRule ^(.*) "/wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html.gz" [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
RewriteCond %{HTTP_user_agent} !^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-).* [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html -f
RewriteRule ^(.*) "/wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html" [L]
</IfModule>

# END WPSuperCache


# BEGIN WordPress
<IfModule mod_rewrite.c>
# Internally rewrite requests which do not resolve to a physically-existing file or directory
# to the WordPresss script, excluding requests for objects which WP does not create/generate
# and the WP script itself from these 'exists' checks to greatly improve server efficiency
RewriteCond %{REQUEST_URI} !(^/index\.php|\.(gif|jpe?g|png|ico|css|js))$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# End Wordpress



This results in this behaviour: 
https://www.mydomain.com/ -> http://www.mydomain.com/ (correct)
http://www.mydomain.com/products-page/checkout/ -> http://www.mydomain.com/ (incorrect)


The desired behaviour is: 
http://www.mydomain.com/products-page/checkout/ -> https://www.mydomain.com/products-page/checkout/


thanks
Anthony

jdMorgan

9:50 pm on Jan 24, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Are you sure that your HTTPs server uses this same .htaccess file? -- Many do not, and if yours does not, then the https->http code needs to go into the .htaccess on the HTTPS "side" of your site.

Another potential cause is that the %{HTTPS} variable is NOT a native server variable. You could try substituting "%{SERVER_PORT} = 443" and "%{SERVER_PORT} !=443" for the "HTTPS On" and "HTTPS Off" conditions, respectively.

Also, you should specifically exclude all images, CSS, and JS files that you "share" between secure and non-secure pages from being redirected in either direction. Failing this, youi'll get "Mixed secure/insecure content" warnings in many browsers.

The simplest way to do that is usually to just exclude those filetypes from both rules.

Jim

ablears

11:39 pm on Jan 24, 2011 (gmt 0)

10+ Year Member



Thanks for your reply.

I think the HTTPs server uses the same .htaccess - certainly 
https://www.mydomain.com/somefolder
does correctly redirect to 
http://www.mydomain.com/somefolder
using the above code.

It's just that requesting 
http://www.mydomain.com/products-page/checkout/
results in an undesired redirect to 
http://www.mydomain.com
. That made me wonder if my syntax was incorrect somewhere on these two lines: 

RewriteCond %{REQUEST_URI} !^/products-page/checkout/?.*$
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R=301,L]


as it will redirect from HTTPS to HTTP but it doesn't add the folder path...

cheers
Anthony

jdMorgan

1:27 am on Jan 25, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This code, on its face, is correct: 

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/products-page/checkout/?.*$
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R=301,L]

It clearly redirects all https requests to the corresponding URL-path in HTTP, unless the requested URL-path starts with "/products-page/checkout/".

It could be coded more efficiently as: 

RewriteCond %{HTTPS} on
RewriteCond $1 !^products-page/checkout/
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R=301,L]

but the simple fact is that this code should work (if installed in the root /.htaccess file). If that is not the case, then the problem lies elsewhere -- in another .htaccess file, in a script, or in your server configuration.

Note that the same optimization can be applied to that messy supercache code:
^.*something -> something
something.*$ -> something
^.*something.*$ -> something

Using an anchor bounded by ".*" makes the anchor irrelevant, and therefore, both are unnecessary.

The good news is that since this is a redirect problem, it is easily-visible -- unlike an internal rewrite gone bad... Simply look at all your other code that does/can do external redirects, and find the instance(s) where the URL-path is being dropped.

Jim
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:27 am May 2, 2026