使用mod_rewrite在某些页面上从强制SSL切回时出现问题

Question

Client wants login pages to load via https. This is easily accomplished, but since the site uses pretty url's, we now stay in https mode when clicking around after login is finished. This breaks secure files which are uploaded in the CMS, stored above webroot, and downloaded by streaming through a php script if user has the appropriate permissions. So, we need to switch back to regular http when we're no longer on a login page. Here's what I have in my .htaccess file:

RewriteEngine On
Options +FollowSymLinks

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
RewriteRule ^(login\.php|members\.php)$ https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(login\.php|members\.php)$ https://www.%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{HTTPS} on
RewriteCond %{IS_SUBREQ} false
RewriteRule !^(login\.php|members\.php)$ http://%{HTTP_HOST}%{REQUEST_URI}

Everything is working fine except the last line, which is getting confused by the pretty url's and redirecting to view.php (which handles translating pretty url lookup codes to database id's that are used in the querystring) if I use {REQUEST_URI}, and the homepage if I use $1 or the path.

I need to figure out a way to make this rewrite to switch back to http mode bypass the pretty url rewrite, but I don't know how to get the actual address that was typed in rather than what it was rewritten to by Apache.

Please help and thanks in advance!

Answer 1

You could grab the original requested URI path from the request line in THE_REQUEST :

RewriteCond %{HTTPS} on
RewriteCond %{IS_SUBREQ} false
RewriteCond %{THE_REQUEST} ^[A-Z]+\ ([^ ]+)
RewriteRule !^(login|members)\.php$ http://%{HTTP_HOST}%1