Submitted by boydjd on Mon, 12/17/2007 - 08:45
Posted in
So, you've got a site that you want to require SSL on, but not for certain pages? I couldn't seem to make sense of most of the documentation out there on Apache's mod_rewrite module, so after 3 days I finally came up with the rules that work for this task. I figured I'd put them up here to help anybody else who runs into a similar requirement, and so that I have it sitting somewhere that I won't forget about it!
<ifmodule>RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/cron\.php$
RewriteCond %{REQUEST_URI} !^/mysql.php$
RewriteCond %{REQUEST_URI} !^/up\.html$
RewriteRule (.*) https://www.domain.org/</ifmodule>
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/cron\.php$
RewriteCond %{REQUEST_URI} !^/mysql.php$
RewriteCond %{REQUEST_URI} !^/up\.html$
RewriteRule (.*) https://www.domain.org/</ifmodule>
Also, if you happen to have certain directories that you want to be available via standard http and not https, place this into an .htaccess in the appropriate directory:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{SERVER_NAME}/directory%{REQUEST_URI}
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{SERVER_NAME}/directory%{REQUEST_URI}
I'm sure there's a better way of doing this in-line with the root .htaccess file, but I gave up trying to parse the mod_rewrite documentation. It's like trying to find the meaning of life in an Calc 5 book.
Trackback URL for this post:
http://www.jbip.net/trackback/14