Geek Answers Handbook

Htaccess: force http on all pages and https in selected directories

I have the following:

RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} protected [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301] RewriteCond %{HTTPS} on RewriteCond %{REQUEST_URI} !protected [NC] RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]

If the directory is called "secure", make sure the user uses https. If the directory has nothing but "secure", make sure the user uses http.

This works fine, but how do I specify additional directories?

Also, is there a way to do this without having to specify directories twice? Once to include it and once to exclude it?

Thanks!

UPDATE

Although my “protected” folder was forced to use https because of my rules, any links to images, stylesheets, and javascripts that were not in the “protected” folder were still redirected to http. This causes the protected page to be partially protected. Adding the following to the redirect code solves the following:

 RewriteRule \.(css|gif|jpe?g|js|png|swf)$ - [L]
+4
source share
2 answers
 RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} protected [NC,OR] RewriteCond %{REQUEST_URI} protected2 [NC,OR] RewriteCond %{REQUEST_URI} protected3 [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301] RewriteCond %{HTTPS} on RewriteCond %{REQUEST_URI} !protected [NC] RewriteCond %{REQUEST_URI} !protected2 [NC] RewriteCond %{REQUEST_URI} !protected3 [NC] RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]

You can use OR to add additional parameters!


More about mod_rewrite conditions: http://httpd.apache.org/docs/current/mod/mod_rewrite.html#RewriteCond

+7
source

I do this in the vhost configuration ( LocationMatch not available in htaccess, but this way you can make sure you never delete it by accident):
(Note: replace __SERVER__ with your server, it is not automatic.)

 <VirtualHost *:80> ... <LocationMatch "(.*(p|P)hpMyAdmin.*)"> RedirectPermanent / https://__SERVER__/ </LocationMatch> </VirtualHost> <VirtualHost *:443> ... <LocationMatch "!(.*(p|P)hpMyAdmin.*)"> RedirectPermanent / http://__SERVER__/ </LocationMatch> </VirtualHost>

I have never tested the second scenario (redirecting to unsafe), but it should work (not sure about the placement ! ).
I have not yet found a good way not to specify them twice, but just copy the single-line regular expression for LocationMatch

0
source

More articles:


All Articles