Apache/2.2.6 (Win32) mod_ssl/2.2.8 OpenSSL/0.9.8g PHP/5.2.6
I’ve tested it locally, all use cases seem to work fine. If you have further questions, feel free to ask.
# Rewrite Rules for example.com
RewriteEngine On
RewriteBase /
# Redirect from example.com to www.example.com
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
# Turn SSL on for payments
RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} \/payments\.php [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# Turn SSL off everything but payments
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/payments\.php [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
IMPORTANT! When the user navigates from any https page with www to any https page without www, he’s asked to accept security certificate of your non-www domain.
For example (YES = request to accept the certificate, NO – opposite):
1) https://www.asdf.com/payments.php - YES (www.asdf.com)
2) http://www.asdf.com/phpinfo.php - NO
3) https://asdf.com/phpinfo.php - YES (asdf.com)
4) https://www.asdf.com/phpinfo.php - NO
I tried to reorder rules in .htaccess with no success. If anyone finds a better solution, it’ll be highly appreciated.