stackoom
  简体   繁体   中英

.htaccess force ssl when not www

 原文  2010-06-04 19:31:05       apache/ .htaccess/ ssl/ redirect

Question

I have a site which uses ssl when accessing a subdomain which essentially is hosting the actual app, whereas the front end site is present at www, which I don't want to use ssl. So this would allow: 

http://www.domain.com

but if somebody types: 

http://secure.domain.com

they get forced to: 

https://secure.domain.com

which when using this subdomain doesn't allow any non-ssl traffic.

Currently I have this in my .htaccess file: 

RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]

RewriteCond "%{HTTP_HOST}" !^www.* [NC]
RewriteCond "%{HTTP_HOST}" ^([^\.]+).*$
RewriteRule ^(.*)$ https://secure.domain.com/a/login/%1 [R=301,L]

This works fine, but if I then edit the URI to remove the s from https it still loads the page but without ssl.

If I add: 

SSLOptions +StrictRequire
SSLRequireSSL

to the top of the .htaccess file then it always forces the traffic to ssl, but that is for all subdomains including www.

Is there a way to catch only the non-www traffic and force that to use ssl?

EDIT:

To clarify:

For example, if you are at: 

https://secure.domain.com/a/login/test

and the edit the URI to be 

http://secure.domain.com/a/login/test

then it still loads the page but not using ssl. But if I use 

SSLRequireSSL

then it forces the requirement for the entire site, and I don't want to use ssl at 

http://www.domain.com

1 answers

solution1
 2 ACCPTED  2010-06-04 21:44:05

SOLVED

After a bit of tweaking I have now solved this issue. What I did was edit the .htaccess file that was in the subdirectory where the application is: https://secure.domain.com/ a /login/test and set it to detect if ssl was being used or not (I should add the rest of the .htaccess file is for the benefit of CodeIgniter): 

RewriteEngine on

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{HTTPS} on
RewriteCond $1 !^(index\.php|images|includes|css|js|robots\.txt|favicon\.ico)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question htaccess to strip www and force SSL Force SSL + www + Subdirectory with .htaccess htaccess - Force SSL and www with Domain in Subfolder OpenCart 3.0.2.0 - force SSL and fix “www” .htaccess Force SSL .htaccess Only For WWW not any other subdomain force non www to www in htaccess force SSL and no WWW on Apache htaccess force www not for cdn htaccess force www and https Force HTTPS and WWW in .htaccess
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM