mod_rewrite + ensure SSL gotcha

lobstu · 12th May 2008, 11:56 AM

Hi there,

I have the following rule configured for a site of mine:

RewriteCond %{SERVER_PORT} !443$
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

As you can see, it ensures that all requests are forwarded to the SSL version of themselves. Now I want to exclude a folder in the root of the site, 'software', from this rule. I tried this and some variants:

RewriteCond %{SERVER_PORT} !443$
RewriteCond %{REQUEST_URI} !^/software(.+)$
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

But for some gosh-darn reason it insists on forwarding all the /software/* requests to https.

I've googled, I've read the manual, the cheat sheet on ilovejackdaniels.com, and I just don't know what else to do. I would love to configure RewriteLog but as this site is on a shared host I just don't have the capability.

Any takers?

The site in question will be moving to UnitedHosting shortly.

Thanks
lobstu

MrBen · 12th May 2008, 12:54 PM

I do something similar on one of my sites. The following should work. You need to exclude /software/ from the first rewrite. Each rule uses [L] which means last rule - i.e. don't bother processing any more.

Code:

RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/software/.*$ [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} ^/software/.*$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

Ben

lobstu · 12th May 2008, 01:04 PM

Thanks once again Ben

Is there a definitive how-to-use-mod_rewrite site/page somewhere?

I'd love a narrative-style but thorough tut on apache/mod_rewrite configuration.

It appears to be incredibly versatile!

MrBen · 12th May 2008, 01:42 PM

No problem. I've just stumbled through it as required and picked up the knowledge as I went.

I Love JD is pretty useful, but otherwise I just keep Googling until I've found what I wanted.

Ben