Correctly switching between HTTP and HTTPS using .htaccess

by

I use something similar to this for my admin folder in wordpress:

#redirect all https traffic to http, unless it is pointed at /checkout
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/checkout/?.*$
RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L]

The RewriteCond %{HTTPS} on portion may not work for all web servers. My webhost requires RewriteCond %{HTTP:X-Forwarded-SSL} on, for instance.

If you want to force the reverse, try:

#redirect all http traffic to https, if it is pointed at /checkout
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/checkout/?.*$
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]

If you want some alternate ways to do it, check out askapache.

More Related Contents:

  1. http to https through .htaccess
  2. Max memory usage of a chrome process (tab) & how do I increase it?
  3. What is the proper HTTP response to send for requests that require SSL/TLS
  4. HTTPS Proxy Server in node.js
  5. htaccess redirect for non-www both http and https
  6. How to redirect all HTTP requests to HTTPS
  7. Can I change all my http:// links to just //?
  8. Force SSL/https using .htaccess and mod_rewrite
  9. Https to http redirect using htaccess
  10. Why am I suddenly getting a “Blocked loading mixed active content” issue in Firefox?
  11. Dealing with HTTP content in HTTPS pages
  12. Is there any downside for using a leading double slash to inherit the protocol in a URL? i.e. src=”//domain.com”
  13. Easy HTTP requests with gzip/deflate compression
  14. Ideal HTTP cache control headers for different types of resources
  15. Force HTTPS for specific URL
  16. URL without “http|https”
  17. Are Callable Cloud Functions better than HTTP functions?
  18. HTTP and HTTPS iframe
  19. How to redirect all HTTP requests to HTTPS using .htaccess rules?
  20. Reading cookies via HTTPS that were set using HTTP
  21. Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint
  22. Error “You’re accessing the development server over HTTPS, but it only supports HTTP”
  23. Redirect all http AND https non-www URLS to https://www.xyz.com via htaccess
  24. Invalid self signed SSL cert – “Subject Alternative Name Missing”
  25. How to catch exception correctly from http.request()?
  26. Simple Java HTTPS server
  27. Cross Origin Resource Sharing with Credentials
  28. iOS9 does not load insecure resources from a secure page (SSL/HTTPS)
  29. What’s the difference between http://*:80 and http://+:80
  30. What is a connection timeout during a http request

Leave a Comment