Forum Moderators: phranque
RewriteCond %{HTTPS}!=on
RewriteCond %{REQUEST_URI} .*member.* [OR]
RewriteCond %{REQUEST_URI} .*donat.*
RewriteRule ^(.*)$ [mydomain.com...] [R=301,L]
I have certain rules in my CMS where once a user has accessed something via SSL, the baseurl is set to https (to ensure that images etc. are transfered via SSL). This has the unfortunate side effect of making all links https too. So if the user then goes back to an insecure part of the site they remain using SSL.
Is there a way that I can force SSL off for directories that do not meet the above criteria? To essentially do an If Then Else.
Something like this should work:
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} /(member¦donat)
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
#
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !/(member¦donat)
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
Jim
If I have the second part (about turning SSL off when leaving the secure site) uncommented the secure pages don't get forced to SSL and they don't get clean URLs.
RewriteEngine on
#
#Force SSL for important pages
RewriteCond %{SERVER_PORT}!^443$
RewriteCond %{REQUEST_URI} /(member¦donat)
RewriteRule (.*) https://www.mydomain.com/$1 [R=301,L]
#
#Turn off SSL when we leave secure area
#RewriteCond %{SERVER_PORT} ^443$
#RewriteCond %{REQUEST_URI}!/(member¦donat)
#RewriteRule (.*) http://www.mydomain.com/$1 [R=301,L]
#
# Rewrite current-style URLs of the form index.php?q=x'.
RewriteCond %{REQUEST_FILENAME}!-f
RewriteCond %{REQUEST_FILENAME}!-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
You can try using the %{HTTPS} ^on$ method instead of the port check like I show. I can't test this code locally, so I'm afraid you may need to experiment a bit.
Jim
