#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2009
    Posts
    5
    Rep Power
    0

    Configuring htaccess to force SSL / non-SSL


    Hi all,

    I am configuring a website that uses Codeigniter and Iím having issues trying to set up my htaccess file to force the user off SSL when it is not required. I have managed to get it to force the user to use SSL in the controllers that require it (admin, account, application), but once they are using SSL they are on it for the entire site. Ideally I would like the user to be pushed back to http on the pages not in the controllers defined.

    Code:
    RewriteEngine On
    
    RewriteBase /
    
    # Force SSL for /admin, /account or /application URLs
    RewriteCond %{SERVER_PORT} !=443
    RewriteCond %{REQUEST_URI} ^/(admin|account|application)
    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L]
    
    # Force HTTP for other URLs
    RewriteCond %{SERVER_PORT} !=80
    RewriteCond %{REQUEST_URI} !^/(admin|account|application)
    RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [R=301,L]
    
    #Codeigniter's page handling
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?/$1 [L]
    If I remove the middle rule set then it works as I described, but adding the middle rule not only stops the SSL redirect but also adds Ďindex.php?/í to the URL of the SSL pages, which may be to do with CI but it only happens when this rule is added.

    Any help would be greatly appreciated, Iím sure itís something simple Iím missing, I just donít know what!
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2009
    Posts
    5
    Rep Power
    0
    I think I have a solution for those interested:

    Code:
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} ^/(admin|account|application)
    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L]
    
    RewriteCond %{SERVER_PORT} 443
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/(admin|account|application)
    RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [L]  
    
    RewriteCond $1 !^(index\.php|assets|robots\.txt)
    RewriteRule ^(.*)$ /index.php/$1 [L]

IMN logo majestic logo threadwatch logo seochat tools logo