Apache SSL for login and NON-SSL for everything else (.htacces)

Posted by The Devil on Server Fault See other posts from Server Fault or by The Devil
Published on 2011-01-30T20:42:03Z Indexed on 2011/01/30 23:27 UTC
Read the original article Hit count: 272

Filed under:
|
|
|

Hey

I've almost figured it out on my own but there's something I'm missing. I want to set a couple of directories and files to require SSL and everything else that's not related to those files and dirs to point back to http.

So far I have this:

RewriteEngine on
RewriteBase /
# Force ssl for login & admin
RewriteCond %{HTTPS} !on
RewriteRule ^/?(admin(.*)|login\.php)$ https://%{SERVER_NAME}/$1 [R,NC,L]

# Force non-ssl for others 
RewriteCond %{HTTPS} on
RewriteRule ^/?(admin(.*)|login\.php)$ http://%{SERVER_NAME}/$1 [R,NC,L]

I'm sure I'm doing something wrong but I just can't figure it out.... The first condition works perfect - whenever I access login.php or /admin/ it points to https. But the second one doesn't...

Where have I mistaken ?

Thanks in advance!

© Server Fault or respective owner

Related posts about .htaccess

Related posts about redirect