Jump to content
OJB

Apache Mod_Rewrite Http / Https

Recommended Posts

Hey guys

 

I am currently (at work) working on some rewrites.

 

 

Basically I have a RewriteRule in my Virtualhost (:80 not :443) which checks if "purchase" is in the URL, and if it is it rewrites to our SSL HTTPS layer as so:

 

>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (/purchase) https://%{HTTP_HOST}%{REQUEST_URI}

 

 

This seems to work nicely. So http://www.ourdomain.com/purchase gets rewritten to https://www.ourdomain.com/purchase as expected.

 

The problem is I need another rule to go the other way. So if we are currently using https and we are accessing a page that isn't "purchase" I want to rewrite back to http.

 

So in my Virtualhost (this time :443) I do the following:

 

>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule !(/purchase) http://%{HTTP_HOST}%{REQUEST_URI}

 

This doesn't work. I get an infinite redirect loop. I also tried this:

 

>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !purchase
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

 

Again it doesn't seem to work.

 

 

Can anyone help me with the rewrite back to http from https as http -> https seems to be working nicely.

Share this post


Link to post
Share on other sites

I googled and found this which may help. Basically add a /purchase section to your .htaccess file and a / section.

 

# /purchase/.htaccess

RewriteEngine On

RewriteCond %{SERVER_PORT}!443

RewriteRule ^(.*)$ https://www.x.com/purchase/$1 [R,L]

 

And because https is slower than http, take the users out of https mode when they leave the /purchase/ directory by:

 

# /.htaccess

RewriteEngine On

RewriteCond %{SERVER_PORT} 443

RewriteRule ^(.*)$ https://www.x.com/$1 [R,L]

Share this post


Link to post
Share on other sites

Thanks for that, Bruce. Although there is no actual "purchase" directory, unfortunately. The site is built with a custom MVC pattern PHP framework which rewrites urls so "/purchase" actually corresponds to something along the lines of:

 

index.php?controller=purchase&action=buy

 

Not exactly what it is but gives a decent representation of how it is working behind the scenes. I tried initially doing it all in the root .htaccess file, but for some reason HTTPS requests were ignoring my rewrites. So I decided to move them into our Virtualhosts in our httpd.conf file (this should be faster and more secure any way - I think?) and put them in the :80 and :443 vhost definitions themselves.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...