0

I found many questions like this and tried almost all but failed. My most latest code is:

RewriteCond %{HTTPS} !^on$
RewriteCond %{REQUEST_URI} (/page_1|/page_2|/page_3|/page_3)$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]

I want to redirect http to https only for those pages (page_1 - page_4)

Initially it seems to be work but once I reached to page_1 with https and click any other (let say page_my_http_1) link which should not be https it also redirect to https for that page (page_my_http_1).

I also tried:

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (auth|register|secure)
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301]

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(auth|register|secure)
RewriteRule ^(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [R=301]

or is there any way to show custom message to user if SSL certificate is not activated on their browser?

Actually many non-technical user gets shocked when the see default warning message shows by the browser.

halfer
  • 19,824
  • 17
  • 99
  • 186
PHP Ferrari
  • 15,754
  • 27
  • 83
  • 149
  • It's not the users that hasn't activated SSL it's your server that must keep a valid certificate. I'm guessing you're mixing both HTTPS and HTTP requests on a HTTPS page; this will show the user a warning message because the HTTP requests are not encrypted. I think you can redirect HTTP requests to HTTPS using the *HTTP\_REFERER* field. Ideally i think it would be best if your paths in your application would be more flexible about which protocol to use – kjetilh Mar 08 '13 at 11:43

1 Answers1

0

I changed your example only slightly, but basically it just works 

RewriteEngine on

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/(?:auth|register|secure)$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R]

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/(?:auth|register|secure)$
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R]

I added the ^, $ and /, because otherwise a request like nosecure or authority would be redireted to HTTPS as well.

Never test with 301 enabled, see this answer Tips for debugging .htaccess rewrite rules for details.

Community
  • 1
  • 1
Olaf Dietsche
  • 72,253
  • 8
  • 102
  • 198
  • @PHPFerrari: remember that if something doesn't work, you need to _explain_ what you wanted to happen, and what actually did happen. If you just use the phrase "doesn't work" then you are not providing any useful information to respond to, which forces your interlocutor to ask (as here). – halfer May 01 '13 at 15:43