mod_rewrite question

         

transistor

9:42 pm on Jul 19, 2002 (gmt 0)

10+ Year Member



I have a secure (SSL) login page and I want, no matter how you call it, to always call it by https.
So, when I type http://www.mydomain.com/login.php
I get [mydomain.com...]
But how?
Thanks!

ergophobe

10:07 pm on Jul 19, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm far far far from being competent with mod_rewrite, but I think the key is to use the [R] flag so you don't get the hostname stripped off. Thus you should be able to do:

RewriteRule ^login.php$ [mydomain.com...] [R]

Of course, depending on actual paths, you may need to do

^(.*)login.php(.*)$

Or whatever. You could also redirect from within PHP using header().

Tom

transistor

3:35 am on Jul 20, 2002 (gmt 0)

10+ Year Member



Thank you Tom,
You got me thinking and after a while of playing around with mod_rewrite I decided it was much easier for me to write a PHP include for the pages I want to be sure to load in https.

But it wasn't easy either! I checked the REQUEST_URI to see if it was http or https and if it was http then sent a header(location:https://$HTTP_HOST$PHP_SELF) but this created a loop! I think (I didn't check really) that the REQUEST_URI is not set using a header(location:...), so I set up a session variable (I'm already using session so...) and use it to check whether it comes for the second time in https mode.

Of course the variable is immediately emptied once it is checked.

Anyway, this might not be the best solution, although it works.

Other ideas?

jdMorgan

6:39 am on Jul 20, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



transistor,

ergophobe's mod-rewrite method will work fine, *as long as* you precede the RewriteRule with
a RewriteCond that checks the "incoming" method. Otherwise, the rule will be applied repeatedly,
and you'll never finish the rewrite. Basically, you'll "lock up" your server. To avoid that:

RewriteEngine On
# %{HTTPS} is "on" for SSL requests, so this condition matches only plain-http requests
RewriteCond %{HTTPS} !=on
RewriteRule ^login\.php$ [mydomain.com...] [R,L]

With the added RewriteCond, the rule will not be applied unless the incoming method is NOT https.

Also, note the addition of [L] to specify that further rewrite ruleset evaluations need not
continue until the .htaccess file is re-evaluated (re-run) after the redirect takes place.

Hope this helps,

Jim
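
An added example (not code from any poster in this thread) of a complete .htaccess for the loop-free redirect discussed above. www.example.com is a placeholder hostname, and the commented alternatives assume SSL on port 443 or a TLS-terminating proxy that sets X-Forwarded-Proto.

```apache
# .htaccess in the directory that holds login.php.
# www.example.com is a placeholder hostname (assumption).
RewriteEngine On

# Redirect only requests that arrived without SSL/TLS.
# %{HTTPS} is "on" for SSL requests and "off" otherwise, so the https
# request that follows the redirect fails this condition and is served
# normally instead of being redirected again (no loop).
RewriteCond %{HTTPS} !=on

# The target uses a fixed hostname rather than %{HTTP_HOST}, so a forged
# Host header cannot steer the redirect to another site.
# R=301 sends a permanent redirect; L ends rule processing for this request.
# The dot is escaped so the pattern matches "login.php" literally.
RewriteRule ^login\.php$ https://www.example.com/login.php [R=301,L]

# Alternative condition for servers where %{HTTPS} is not available
# (assumes SSL is served on port 443):
#   RewriteCond %{SERVER_PORT} !^443$
#
# Alternative condition when TLS ends at a proxy or load balancer and the
# backend only ever sees plain http. %{HTTPS} is then always "off" and the
# rule above would loop. Use this only if the backend is reachable solely
# through the proxy (assumption), because clients can otherwise set the header:
#   RewriteCond %{HTTP:X-Forwarded-Proto} !=https
```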

transistor

6:29 am on Jul 21, 2002 (gmt 0)

10+ Year Member



Aha! So that's what was missing!

Thank you very much Jim. It's a lot better to make mod_rewrite take care of the http/https stuff.

:)
Thank you!

ergophobe

8:18 pm on Jul 22, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Well, I warned you that I was far far from competent! Maybe I should have added one more "far". Anyway, I'm glad someone stepped in with the missing element.

Thanks JD.

Tom

ergophobe

8:25 pm on Jul 22, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Incidentally, isn't it also possible to do something like this:

RewriteEngine On
RewriteRule ^https://www.mydomain.com/login.php$ - [L]
RewriteRule ^login.php$ [mydomain.com...] [R,L]

That should stop the loop too shouldn't it, though it's a lot less general?

jdMorgan

6:59 am on Jul 25, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



ergophobe,

Sorry for the delay... Had to work! ;)

Actually no, that approach won't work because the "method" (http or https) and the full domain
(www.domain.tld) are not directly "visible" in the RewriteRule as they are in the RewriteCond. All
URLs to be rewritten by the RewriteRule are assumed to start with a method plus your domain name.
There *is* probably a work-around, but using the RewriteCond as intended is simple enough.

I've never tried rewriting a URL to "-" without also specifying a redirection code [R=301,L] or
the shorthand [F,L] for "Forbidden-403", so I'm not sure what your first rule would do.

BTW Tom, AFAIK, you get extra credit around here for trying to help! A nudge in the right direction
from a non-expert beats getting ignored by an expert every time... And besides, I'm mostly a
"nudger" around here myself - Hey, I figured out the server lockup problem all by myself - by
locking up my server! So, you're a little less "far" than you think. :)

Take care,
Jim

ergophobe

7:29 pm on Jul 25, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



jd

Thanks for the explanation (and positive vote). I've only done simple rewrites and nothing involving the method.

Lots to learn around here!

Tom