How to selectively redirect to https/http

Question

I need to incorporate some pages in site to https. Now what I want following two cases .

If page REQUEST_URI are user, user/login, user/register, cart, checkout AND original protocol is http. Redirection to https should happen.
If page REQUEST_URI are other than user, user/login, user/register, cart, checkout AND original protocol is https. Redirection to http should happen.

So What I implemented the following Rules .

# Block 1 - Forcing HTTPS
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{SERVER_PORT} 80

# Forcing HTTPS
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} ^/cart  [OR]
RewriteCond %{REQUEST_URI} ^/checkout  [OR]
RewriteCond %{REQUEST_URI} ^/user/login [OR]
RewriteCond %{REQUEST_URI} ^/user [OR]
RewriteCond %{REQUEST_URI} ^/user/register
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]


# Block 2 - Forcing HTTP
RewriteCond %{HTTPS} !=off [OR]
RewriteCond %{SERVER_PORT} 443

RewriteCond %{SERVER_PORT} !^80$
RewriteCond %{REQUEST_URI} !^/cart 
RewriteCond %{REQUEST_URI} !^/checkout 
RewriteCond %{REQUEST_URI} !^/user/login
RewriteCond %{REQUEST_URI} !^/user
RewriteCond %{REQUEST_URI} !^/user/register
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]


# The following rule tells Apache that if the requested filename
# exists, simply serve it.
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
# The following rewrites all other queries to index.php. The 
# condition ensures that if you are using Apache aliases to do
# mass virtual hosting, the base path will be prepended to 
# allow proper resolution of the index.php file; it will work
# in non-aliased environments as well, providing a safe, one-size 
# fits all solution.
RewriteCond %{REQUEST_URI}::$1 ^(/.+)(.+)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteRule ^(.*)$ %{ENV:BASE}index.php [NC,L]

Here I facing problem, If one of two block is enabled functionality run smoothly according to rules. But if both were enabled, recursive redirection start to happen. I need both functionality. If it is possible through .htaccess rules ?

UPDATE : The similar question asked on SO as how in htaccess can i redirect the user to https from http and back again . But it only have one answer suggesting to move on applciation side.

UPDATE 2 : Added Zend Framework Application default .htaccess rule

anubhava · Answer 1 · 2014-06-19T07:14:48.340

1

You have made it pretty complex. Simplify your rules like this:

RewriteEngine On

# Block 1 - Forcing HTTPS
RewriteCond %{HTTPS} off [OR]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(cart|checkout|user|user/login|user/register)/?$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,NE,L]

# Block 2 - Forcing HTTP
RewriteCond %{HTTPS} on [OR]
RewriteCond %{SERVER_PORT} 443
RewriteRule !^(cart|checkout|user|user/login|user/register)/?$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,NE,L]

Make sure to test in a new browser to avoid 301 caching issues.

edited Jun 19 '14 at 07:14

answered Jun 19 '14 at 06:41

anubhava

761,203
64
569
643

Actually I have no control of Other URI which can be built like user/details, user/info, cart/new Which may/may not be https pages. So I need to match exact start using RewriteCond . Using (cart|checkout|user) will utilize other urls too. – kuldeep.kamboj Jun 19 '14 at 06:50
But you have `RewriteCond %{REQUEST_URI} ^/user [OR]` in your first rule will force `https` for all the URI starting with `/user` – anubhava Jun 19 '14 at 06:54
Hmm probably I will add '$' at end soon. As exact url matching be required. – kuldeep.kamboj Jun 19 '14 at 07:13
Facing strange problem. https to http part (Forcing http) goes OK. But http to https part (Forcing https) redirected to index.php. I have no control on this. ( As application (Zend Framework 2) already have rule for redirected all request to index.php ). See Updates for Application default .htaccess part – kuldeep.kamboj Jun 19 '14 at 08:05
That means you have some other rule/code issue since entering `https://domain.com/cart` will not make both of my suggested rules execute. – anubhava Jun 19 '14 at 10:16
For testing comment out `RewriteRule ^(.*)$ %{ENV:BASE}index.php [NC,L]` line and test in a new browser to check if it makes any difference. – anubhava Jun 19 '14 at 10:22
Not actually second one is executing fine. Non listed pages redirecting back to http fine. Only first one http -> https having problem. – kuldeep.kamboj Jun 19 '14 at 10:36
Looks like you have browser caching issues. Make sure you test it in a new browser every time OR change 301 to 302 in the rules. – anubhava Jun 19 '14 at 10:38
After comment out last line, Redirection http -> https happen, But as application can not handle it, So 404 page comes as expected. – kuldeep.kamboj Jun 19 '14 at 10:39
ok good that means rule for `http->https` is working fine but due to your last Zend framework rule it is messing up. You will need to read it in Zend manuals. – anubhava Jun 19 '14 at 10:40
Actually I already removed R=301 part & checked, I think it is equal to 302 as default redirection method. – kuldeep.kamboj Jun 19 '14 at 10:41
Yes by default it is 302. Your problem seems to be Zend framework not handling `https` and redirecting it to `/index.php`. Unfortunately I don't know anything beyond this about Zend. – anubhava Jun 19 '14 at 10:47

How to selectively redirect to https/http

1 Answers1