.htaccess for SSL?

Question

I have:

RewriteCond %{HTTP_HOST} ^MYDOMAIN\.com$ [NC]
RewriteRule ^(.*)$ http://www.MYDOMAIN.com/$1 [L,R=301]

RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/(user|admin|cart)
RewriteRule ^(.*)$ https://www.MYDOMAIN.com/$1 [R=301,L] 

This effectively routes all /user and /admin and /cart paths to use SSL. My problem is the inverse. I need a rule that states that if you are NOT on those pages, that it redirects you to HTTP (no SSL).

How do I do that?

Answer 1

Does this work? I realize it might not, since the SETENV does not always get processed before the ReWriteRule, but hypothetically, this should handle all of your scenarios:

# Set Correct protocol var based on request:

## Default to http
SetEnv correct_protocol http

## Overwrite to https if secure area
RewriteCond %{REQUEST_URI} ^/(user|admin|cart) [env=correct_protocol:https]

# Set Current (Actual) Protocol Env Variable:

## Again, default to http
SetEnv current_protocol http

## Overwrite with https if %{HTTPS} = on
RewriteCond %{HTTPS} = on [env=current_protocol:https] 

# If current <> correct
RewriteCond %{ENV:current_protocol} != %{ENV:correct_protocol}

# rewrite URL using correct:
RewriteRule .* %{ENV:correct_protocol}://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Answer 2

First thing clear your browser cache completely and restart your browser. Then replace your .htaccess with this:

Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} ^MYDOMAIN\.com$ [NC]
RewriteRule ^ http://www.MYDOMAIN.com%{REQUEST_URI} [L,R]

RewriteCond %{HTTPS} !=on
RewriteRule ^(user|admin|cart)(/.*|)$ https://www.MYDOMAIN.com%{REQUEST_URI} [R,L,NC]

RewriteCond %{HTTPS} =on
RewriteRule (?!^(user|admin|cart)(/.*|)$)^.*$ http://www.MYDOMAIN.com%{REQUEST_URI} [R,L,NC]

Answer 3

Just invert the condition!

RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(user|admin|cart)
RewriteRule ^(.*)$ http://www.MYDOMAIN.com/$1 [R=301,L]