Redirect HTTPS to HTTP except for specific URL

apache-2.2 .htaccess redirect https
17,078

Solution 1

I believe this should do the trick:

RewriteEngine On
RewriteBase /

# Turn SSL on for /user/login
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/user/login
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# Turn SSL off everything but /user/login
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/user/login
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

The above will do the following:

1. User types: https://yourdomain.com/user/login - no redirect
2. User types: http://yourdomain.com/user/login -> redirect to: https://yourdomain.com/user/login
3. User types: https://yourdomain.com/somerandomfile.php -> redirect to: http://yourdomain.com/somerandomfile.php
4. User types: http://yourdomain.com/somerandomfile.php - no redirect

Solution 2

Something like this should work:

RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/user/login
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L]

But this doesn't make much sense for me. It would be better if you redirect only requests to /user/login via SSL and leave everything else as it is:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule /user/login(.*) https://%{HTTP_HOST}/user/login$1 [R,L]
Share:
17,078

Related videos on Youtube

Scott Ross
Author by

Scott Ross

Updated on September 18, 2022

Comments

  • Scott Ross
    Scott Ross over 1 year

    We'd like to redirect all HTTPS traffic to HTTP except for a specific URL which is /user/login

    So far we've got:

    RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^user/login(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

    But it's causing a redirect loop, when it redirects back to HTTP

  • Scott Ross
    Scott Ross over 12 years
    Thanks. If we use HTTPS to serve the site then we lose the ability to cache pages with Varnish, so that's why I'd like to flip all HTTPS traffic back to HTTP except from the user login/account stuff, which we need to run over HTTPS
  • Scott Ross
    Scott Ross over 12 years
    This still appears to send anyone visiting example.com/user/login to example.com/user/login ?
  • Scott Ross
    Scott Ross over 12 years
    Nope, that's not what I'm looking for
  • Felipe Alcacibar
    Felipe Alcacibar over 12 years
    talks about the same in your chosed as correct answer =) the key is the negation operator

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Redirect NON-www to www for https
Curl: (51) error when trying to check whether or not my website redirects correctly
Force HTTPS for specific URL
Redirect non-www and non-http to https
What's correct htaccess rule to redirect mixed content to HTTPS
Redirect IP to domain using SSL
Apache HTTPS redirect from old domain to new HTTPS Domain
How to rewrite from /page to /xx/page, using htaccess & apache only?
How to redirect http to https for IP and domain on Apache2
redirected you too many times