htaccess set http on all pages except login page

83 views Asked by At

I used an example from another Stack post to force http on my site for all pages except for a user login page. I don't know if I am missing anything, but this did not work:

# Turn SSL on for login
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^customer/login/ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# Turn SSL off everything but login
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^customer/login/ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

That looks like it should work, but for some reason it isn't. Can someone please let me know what I am missing. Thank you.

1

There are 1 answers

3
Panama Jack On BEST ANSWER

REQUEST_URI requires a leading slash. So as you have it, it will not match. Try your rules this way.

# Turn SSL on for login
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/customer/login/ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# Turn SSL off everything but login
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/customer/login/ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]