Restrict SSL access for some paths on a apache2 server
Posted
by
valmar
on Pro Webmasters
See other posts from Pro Webmasters
or by valmar
Published on 2011-05-31T19:06:35Z
Indexed on
2011/07/01
16:31 UTC
Read the original article
Hit count: 527
I wanted to allow access to www.mydomain.com/login through ssl only. E.g.: Whenever someone accessed http://www.mydomain.com/login, I wanted him to be redirect to https://www.mydomain.com/login so it's impossible for him/her to access that site without SSL.
I accomplished this by adding the following lines to the virtual host for www.mydomain.com on port 80 in /etc/apache2/sites-available/default
:
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^/login(.*)$ https://%{SERVER_NAME}/login$1 [L,R]
RewriteLog "/var/log/apache2/rewrite.log"
Now, I want to restrict using SSL for www.mydomain.com. That means, whenever someone accessed https://www.mydomain.com, I want him to be redirected to http://www.mydomain.com (for performance reasons).
I tried this by adding the following lines to the virtual host of www.mydomain.com on port 443 in /etc/apache2/sites-available/default-ssl
:
RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^/(.*)$ http://%{SERVER_NAME}/$1 [L,R]
RewriteLog "/var/log/apache2/rewrite.log"
But when I now try to access www.mydomain.com/login, I get an error message that the server has caused to many redirects. That does make sense. Obviously, the two RewriteRules are playing ping-pong against each other.
How could I work around this?
© Pro Webmasters or respective owner