
Redirecting false https to http

What if you have a shopping cart and valid cert?

         

chewy

4:52 pm on Jun 1, 2015 (gmt 0)




Hi,

Over on [askapache.com...] they are singing praises of one very well respected wizard of WebmasterWorld.

What I learned there seems to indicate that this will work:

RewriteCond %{HTTPS} =on
RewriteRule ^(.*)$ - [env=ps:https]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ - [env=ps:http]

Questions:

Will this function alone in .htaccess or does it need further support from other files?

Will this indeed take care of (redirect) any non-secure page usage (index, about, etc) that is inadvertently typed in with an "https" to the non-secure http url?

Will this also not cause genuinely secure pages like in a check-out process to remain secure?

Thanks as always!

whitespace

7:24 pm on Jun 1, 2015 (gmt 0)




...this will work:


It depends what you are trying to do.

Will this function alone in .htaccess or does it need further support from other files?


Well, yes, it functions alone in .htaccess.

Will this indeed take care of (redirect) any...


No. The code you have posted doesn't redirect anything. What do you think that code does?

What is it that you are trying to do exactly? It sounds like you want to redirect some HTTPS pages to HTTP? You might have to do this for each URL, unless you can use a pattern, or exclude certain URLs from the redirect.

(Btw, you only copied the first bit of that code from askapache - but that might not be what you require anyway.)

lucy24

8:58 pm on Jun 1, 2015 (gmt 0)




[env=ps:http]

The quoted pair of rules do nothing except to set an environmental variable. (Query: Can't this be done in mod_setenvif?) What are you going to do with it?

jdMorgan probably knows (knew?) more about Apache than anyone else hereabouts ... but he was also prepared to do things in mod_rewrite involving [S], [C] and [N] flags that ordinary civilians would be well advised to approach with extreme caution.

chewy

11:19 pm on Jun 1, 2015 (gmt 0)




OK, that's why I was checking, it looked awfully thin to me.

jdMorgan I thought was still around - the lack of dates on that thread at askapache gave me the impression that their praises were recent. Hope he is OK!

What am I trying to do?

Make sure that Google never indexes https versions of regular pages, and do this by redirecting https content on those pages to http. (I'm calling this a false https).

But as I think about it, we'd also have to have something to make sure that real https pages (checkout pages in a shopping cart) are not redirected to non-https urls.

I'm no wiz at this, but hopefully I'm smart enough to know what I don't know.

lucy24

12:07 am on Jun 2, 2015 (gmt 0)




You're going to need redirects, then. Your rules don't do that. If you have a mixed site, http and https, there will typically be a pair of rules, one for each direction. Ideally, you'd combine those with your existing domain-name-canonicalization redirects. For example -- sticking with the "https on/off" format (there are at least two other ways to check) and assuming your preferred hostname is www.example.com with www --

RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [OR]
RewriteCond %{HTTPS} off
RewriteRule ^(all-secure-pages-or-directories-here) https://www.example.com/$1 [R=301,L]

RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [OR]
RewriteCond %{HTTPS} on
RewriteRule ^(all-NON-secure-pages-or-directories-here) http://www.example.com/$1 [R=301,L]

Since the two rules are mutually exclusive* you can put them in either order. Start with whichever form you have more of, secure or not. ("More of" means overall number of requests, not the raw number of files.)

This reminds me that if you have an "index.html" redirect, as most sites do (or should), you will probably now need two of those, one for secure and one for non-secure directories. They should go immediately before the http/https redirects.


* In a different discipline we'd say "in complementary [as opposed to contrastive] distribution".

chewy

12:56 am on Jun 2, 2015 (gmt 0)




lucy24, good catch - fortunately the index redirection thing is the least of my issues right now (I think we got that right from the start).

For the moment, there is no .htaccess file and no need as yet. Site is in ColdFusion (on Helicon Ape) which is all new to me!

Funny you aren't suggesting we listen for the port and go from there (but that's another method, I know!)

Just one teeny tiny problem with this (all-NON-secure-pages-or-directories-here) - this site has thousands of non-secure pages (and hundreds of directories) - how do we list that much stuff with this method?

I'm thinking I may be asking the wrong question - maybe I should be thinking rel=canonical - one issued to each page to assert the point that the canonical is http.

The major issue is keeping Google from indexing the https pages (which it is starting to do... and I want to nip this in the bud as soon and as best as possible!)

-C
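
One way to handle the "thousands of non-secure pages" problem raised above without listing them, as an added example that is not part of any post in this thread: name only the secure areas and let a negative lookahead cover everything else. It assumes Apache mod_rewrite in .htaccess, the www.example.com hostname from the earlier post, and hypothetical secure directories /checkout/, /cart/ and /account/.

```apache
# Added example, not code from the thread.
# Assumptions: canonical host www.example.com; the secure areas are the
# hypothetical directories checkout/, cart/ and account/.
RewriteEngine On

# 1. Secure areas: force https and the canonical hostname.
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [OR]
RewriteCond %{HTTPS} off
RewriteRule ^((?:checkout|cart|account)/.*)$ https://www.example.com/$1 [R=301,L]

# 2. Everything else: force http and the canonical hostname.
#    The negative lookahead stands in for the list of non-secure paths,
#    so only the short list of secure directories is ever maintained.
#    Static assets are skipped (assumed extension list) so that secure
#    pages can still load shared CSS, scripts and images over https;
#    redirecting those to http would produce mixed-content failures on
#    the checkout pages.
#    Condition logic: asset-check AND (wrong-host OR https-on).
RewriteCond %{REQUEST_URI} !\.(?:css|js|png|jpe?g|gif|ico)$ [NC]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [OR]
RewriteCond %{HTTPS} on
RewriteRule ^(?!(?:checkout|cart|account)/)(.*)$ http://www.example.com/$1 [R=301,L]
```

The same directory alternation appears in both rules and must be kept identical, otherwise a path can fall into both rules and loop, or into neither.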

whitespace

7:55 am on Jun 2, 2015 (gmt 0)




You're going to need redirects...


...maybe I should be thinking rel=canonical


If you only need to make sure users are directed to the correct pages from Google SERPs then a rel=canonical should suffice, if that is easier to implement. Make sure you have both HTTP and HTTPS versions verified in Google Search Console (formerly Google Webmaster Tools).

Just curious - what's the reason not to use HTTPS for everything?

Reference:
Google Help Docs - Prefer HTTPS over HTTP for canonical URLs [support.google.com]

chewy

10:50 am on Jun 2, 2015 (gmt 0)




yah, we're presently evaluating that for sure - lots of moving pieces.

Always a good thing to ask the right question early.

In this particular situation, I don't really care about the UX, what I care about is getting the canonical issues right.

whitespace

11:15 am on Jun 2, 2015 (gmt 0)




Also make sure you only have the relevant HTTP URLs in your sitemap (if you have a sitemap).

RewriteRule ^(.*)$ - [env=ps:https]


An aside... why are they capturing the pattern and using anchors here? They could just use .*

lucy24

6:30 pm on Jun 2, 2015 (gmt 0)




Or, for that matter, .? (again without anchors or parentheses) meaning that the server doesn't even have to read the string all the way to the end.

If you only need to make sure users are directed to the correct pages from Google SERPs then a rel=canonical should suffice

I don't understand this. A "rel-canonical" doesn't create a redirect; it's supposed to obviate the need for one because only one form gets indexed.

If you don't have a full set of redirects, then you'll have the various googlebots-- including Image, Media and whatnot-- systematically crawling all URLs everywhere. With a redirect in place, they should never even be requesting supporting files with the "wrong" protocol. Maybe once in a blue moon for experimentation, but not all the time every time.

whitespace

8:50 pm on Jun 2, 2015 (gmt 0)




A "rel-canonical" doesn't create a redirect; it's supposed to obviate the need for one because only one form gets indexed.


Yep. A redirect would admittedly be preferable here, however, (it sounded like) a rel-canonical might be easier to implement for the OP? And chewy does state, "The major issue is keeping Google from indexing the https pages" - which a rel-canonical should resolve.