Thanks for this Reinhard, I agree, the env settings in my rules are just making a lot of noise. Your rules are much easier. One problem I see is that your [2] seems to create an infinite loop. When a user go to http://localhost/myapp. This will infinitely trigger the rule over and over again. What I have done is to add a RewrtiteCond before and it now the rules look like
#[1] all /user, /subscription and /login pages should be served in https RewriteRule /myapp/user https://%{HTTP_HOST}%{REQUEST_URI} [R,L] RewriteRule /myapp/subscription https://%{HTTP_HOST}%{REQUEST_URI} [R,L] RewriteRule /myapp/login https://%{HTTP_HOST}%{REQUEST_URI} [R,L] #[2] For all other pages, if in https mode, serve the page in http mode. RewriteCond %{SERVER_PORT} ^443$ RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R,L] The RewriteCond solves the problem of the indefinite loop, BUT still, the switch from https to http does not occur... The following change solved the problem. ALSO, I had to put it in my <VitualHost *:443> section!!! #[2] For all other pages, if in https mode, serve the page in http mode. RewriteCond %{SERVER_PORT} ^443$ RewriteCond %{REQUEST_URI} !^/myapp(/login.*|/user.*|/subscription.*) RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [L] Thanks again for your inspiration Beto On 22 May 2010, at 04:06, Reinhard Vicinus wrote: > Hi, > > the problem is that if a site which shouldn't be served by https is called by > http your first rewriterule sets ps:https but the first rewriterule after > #[2] isn't used because HTTPS is not on. > > I think you can also have your desired effect much more easier like this: > > #[1] all /user, /subscription and /login pages should be served in https > RewriteRule /user https://%{HTTP_HOST}%{REQUEST_URI} [R,L] > RewriteRule /subscription https://%{HTTP_HOST}%{REQUEST_URI} [R,L] > RewriteRule /login https://%{HTTP_HOST}%{REQUEST_URI} [R,L] > > #[2] For all other pages, if in https mode, serve the page in http mode. > RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R,L] > > Kind regards > Reinhard > > > On 21/05/10 22:58, Beto Limoun wrote: >> Hello group, >> >> I am working on the mod_ssl configuration on a website and trying to achieve >> following: >> When a user accesses a page posting sensitive data to the server, the page >> should be accessed in httpS mode. What I am doing to achieve this is that I >> have a set of rewrite rules that will match the URI and invoke the httpS >> page. [1] >> This seems to be working fine. >> The problem I am facing is that when in httpS mode I select a page that is >> supposed to be accessed in http mode, apache still calls it in httpS mode. I >> have added some rewrite rules to prevent this [2], but they somehow get >> ignored. >> >> Example: >> Being in httpS://localhost/myapp/user/register >> I click on the linked home page logo image and expect to be resent to >> http://localhost/myapp/ but land instead in httpS://localhost/myapp/ >> >> I would appreciate if you can suggest a more elegant solution from your own >> experience of a fix to my config below. >> >> Many thanks in anticipation. >> >> Beto >> >> # >> # >> # >> RewriteLog "/private/var/log/apache2/rewrite.log" >> RewriteLogLevel 9 >> >> Options +FollowSymlinks >> RewriteEngine on >> >> #[1] all /user, /subscription and /login pages should be served in https >> RewriteCond %{HTTPS} =on [OR] >> RewriteCond %{HTTPS} !=on >> RewriteRule ^(.+)$ - [env=ps:https] >> RewriteRule ^.*/user(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L] >> RewriteRule ^.*/subscription(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L] >> RewriteRule ^.*/login(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L] >> >> #[2] For all other pages, if in https mode, serve the page in http mode. >> RewriteCond %{HTTPS} =on >> RewriteCond %{REQUEST_URI} !^/(user.*|login.*|subscription.*) >> RewriteRule ^(.+)$ - [env=ps:http] >> RewriteRule ^(.+)$ %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L] >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP Server Project. >> See<URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> " from the digest: users-digest-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
