Conditionally redirect pages from http to https or https to http

Question

I am trying to edit my .htaccess file in order to have users go through an SSL connection for some pages, and not for others.

For example, when visiting a page called login.php (which sometimes is login.php?lo=true) they enter in their log in details. After they visit login.php they then proceed to check_login.php and if they are successful they move on to index.php.

My question is this: How do I change my .htaccess file in order for the following to occur:

http://www.site.com/login.php ---> https://www.site.com/login.php and if there are variables such as lo=true
http://www.site.com/check_login.php --> https://www.site.com/check_login.php
Any other page that is NOT login.php or check_login.php to be just http, not https

My knowledge of ModRewrite rules is limited and so far I have implemented the following:

RewriteCond %{HTTPS} !=on
RewriteRule ^login\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteRule ^login\.php?lo=true$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Any help would be greatly appreciated.

Salman Arshad · Accepted Answer

There is no need to worry about query strings unless you use a ? in the replacement URL. Below are the two sets of rules you need (the second set of rules is simply the opposite of first):

RewriteCond %{HTTPS} !=on
RewriteRule  ^(?:login\.php|check_login\.php)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]

RewriteCond %{HTTPS} =on
RewriteRule !^(?:login\.php|check_login\.php)$  http://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]

Note that I have used 302 redirects for testing. Do not forget to change to 301.

Conditionally redirect pages from http to https or https to http

Answers (2)

Related Questions