Force HTTPS on entire website plus content, but allow HTTP for several items

Question

I have a website located here: https://www.virginiaseo.org

I use a Wordpress plugin, which forces all content to be over HTTPS. Without this plugin, I get the little yellow mixed content sign, which is less than desirable. This plugin forces every page including admin to be on HTTPS.

Here is the plugin page: http://wordpress.org/plugins/wordpress-https/

I also use .htaccess rules, and include one to force HTTPS. Here is the rule:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.virginiaseo.org/$1 [R=301,L]
</IfModule>

This all works great, except for a couple of resources I can't get over http which are needed by third party crawlers and applications. A prime example is: robots.txt

How can I make robots.txt accessible over http while not messing up everything else on the site.

Also, the HTTPS configuration with the plugin is less than prime, but it seems the only way to FORCE HTTPS on my entire site. I am concerned with duplicate content issues and such by having it available on http at the same time. I am open to any suggestions about my setup, and thanks in advance!

Answer 1

You can try a rule like this:

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !/(robots\.txt|favicon.ico) [NC]
RewriteRule ^(.*)$ https://www.virginiaseo.org/$1 [R=301,L]

RewriteCond %{HTTPS} on
RewriteRule ^(robots\.txt|favicon.ico)$ http://www.virginiaseo.org/$1 [R=301,L]