.htaccess Force SSL (HTTPS) On all pages besides a few

Question

Ok, so i need to forward all traffic through HTTPS besides on ONE specific page. Here is my current .htaccess code:

RewriteEngine On 

RewriteCond %{SERVER_PORT} 80 

RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

ErrorDocument 404 /404.html

Options -Indexes

So basically i need to forward all traffic through HTTPS BESIDES my /r.php & /l.php & /c.php page, can this be done? I tried doing some research but haven't found too much.

EDIT: Would this work?

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/r.php$
RewriteCond %{REQUEST_URI} !^/c.php$
RewriteCond %{REQUEST_URI} !^/l.php$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Martin · Accepted Answer

IT IS HIGHLY RECOMMENDED TO USE A SECURE CONNECTION IF IT IS AVAILABLE TO YOU

RewriteEngine On
RewriteCond %{HTTPS} off
#Add slash(es) before special characters to escape them as literals
RewriteCond %{REQUEST_URI} !^\/r\.php$ 
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

What this does is check if your HTTPS flag is set on the server, if it is not set, and the page is not /r.php then redirects the page to the secure HTTPS equivalant.

EDIT: The /r.php entity needs to have the / and . escaped by having these characters preceeded by backslashes \.

The RewriteCond line "escapes" the /r.php page reference from the Secure connection flag check, it is better to use the proper server flag as detailed here, rather than manual port requests because secure/insecure standard hypertext protocol ports can be ANY port on a server, and it is only convention (and not at all required) that TLS/HTTP ports are 443/80 etc.

.htaccess Force SSL (HTTPS) On all pages besides a few

Answers (2)

Related Questions