Restrict SSL access for some paths on a apache2 server

Posted by valmar on Pro Webmasters See other posts from Pro Webmasters or by valmar
Published on 2011-05-31T19:06:35Z Indexed on 2011/11/28 18:52 UTC
Read the original article Hit count: 473

Filed under:
|

I wanted to allow access to www.mydomain.com/login through ssl only. E.g.: Whenever someone accessed http://www.mydomain.com/login, I wanted him to be redirect to https://www.mydomain.com/login so it's impossible for him/her to access that site without SSL.

I accomplished this by adding the following lines to the virtual host for www.mydomain.com on port 80 in /etc/apache2/sites-available/default:

RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/login(.*)$ https://%{SERVER_NAME}/login$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"

Now, I want to restrict using SSL for www.mydomain.com. That means, whenever someone accessed https://www.mydomain.com, I want him to be redirected to http://www.mydomain.com (for performance reasons).

I tried this by adding the following lines to the virtual host of www.mydomain.com on port 443 in /etc/apache2/sites-available/default-ssl:

RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^443$
RewriteRule     ^/(.*)$ http://%{SERVER_NAME}/$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"

But when I now try to access www.mydomain.com/login, I get an error message that the server has caused to many redirects. That does make sense. Obviously, the two RewriteRules are playing ping-pong against each other.

How could I work around this?

© Pro Webmasters or respective owner

Related posts about apache

Related posts about ssl