How to force http on specific folder in https site - .htaccess

I have site with https
But I need specific folder should be http.
How can we achieve it ?
e.g.
my site is
https://www.mywebsite.com
I want folder1/subfolder1 should be forced to http://
e.g. http://www.mywebsite.com/folder1/subfolder1
I searched on net...but maximum search show how to force http to https
I tried .htaccess as follows :
try 1.
RewriteRule ^(/folder1/subfolder1)($|/) - [L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
try 2.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/folder1/subfolder1
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
But it didn't work..

You can use these rules in your site root .htaccess:
RewriteEngine On
# force https on everything except /folder1/subfolder1
RewriteCond %{THE_REQUEST} !\s/+folder1/subfolder1[/?\s] [NC]
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]
# force http on /folder1/subfolder1
RewriteCond %{THE_REQUEST} \s/+folder1/subfolder1[/?\s] [NC]
RewriteCond %{HTTPS} on
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
Make sure to clear your browser cache or use a new browser for testing.

Related

.htaccess redirect everything except

I need to redirect all HTTP requests to HTTPS, except requests that are accessing my admin pages.
This should go to HTTP
http://example.com/admin/**/*
This should go to HTTPS:
http://example.com/blas.dfds
This is what I have, it will redirect everything to HTTPS. How to add filter to request that with "admin" keyword?
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Have it this way:
RewriteEngine On
# http-https for everything except /admin
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !/admin [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
# https-http for /admin
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} /admin [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Test this new set of rules in a new browser.

.htaccess from http and www to https non www

Of the four possible variations of my site URL, I would like to redirect to https://example.com (https:// non-www).
My .htaccess file contains the following:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This redirects from http:// to https:// but not from www to non-www
Any help much appreciated.
Make your first rule generic like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*?)/?$ https://%1/$1 [L,R=301,NE]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} !on
RewriteRule ^(.*?)/?$ https://%1/$1 [L,R=301,NE]
Make sure to clear your browser cache before testing this change.

.htaccess to control HTTPS on certain pages

I am using htaccess to redirect certain pages to htaccess. The code am using is
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} /core/marketing/editprofile
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
The page is redirecting for/core/marketing/editprofile, but it is not redirecting back to http for other pages after this.
Please tell me hos can i enable https to http redirection also?
You must do the reverse for other pages:
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} /core/marketing/editprofile
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !/core/marketing/editprofile
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Forcing HTTPS to one directory - Removing WWW

I've got a slight problem, this is what i'm using to force https to the checkout directory, just a precaution but the problem is once you go back through to the main pages it inserts www into the URL.
This is a problem as the rest of the sight does not use a www, can anyone suggest how to addapt this to remove/ keep out the www
# force https for all URLs in /checkout
RewriteCond %{HTTPS} =off
RewriteRule ^x9 https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# force http for all other URLs that are not in /checkout
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/x9
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Edit
If you say it's not that section above. This problem only started after the above code was added though, Ive never had this problem before and the code below has been on my site for several months.
#Take off index.html
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{REQUEST_URI} ^(.*/)index\.html$ [NC]
RewriteRule . http://www.%{HTTP_HOST}%1 [R=301,NE,L]
In that case keep your .htaccess like this:
#Take off index.html
RewriteCond %{REQUEST_URI} ^(.*/)index\.html$ [NC]
RewriteRule ^ http://%{HTTP_HOST}%1 [R=301,L]
# force https for all URLs in /checkout
RewriteCond %{HTTPS} =off
RewriteRule ^x9 https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# force http for all other URLs that are not in /checkout
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/x9
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Force non-www and https via htaccess

I'm trying to force a user to be redirected to the non-www website, and, force https.
I've got this which sort of work, but doesn't force https, when http is entered.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://site.com\.net/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
Any ideas on what I'm doing wrong?
Try this rule:
RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
Based on Gumbo's comment : "the TLS/SSL connection is established and certificate is validated before it is handed down to HTTP and the HTTP redirection takes place"
I gave this a try (which seems to work):
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.blahblah.com/$1 [R,L]
RewriteCond %{HTTP_HOST} ^www\.blahblah\.com [NC]
RewriteRule ^(.*)$ https://blahblah.com/$1 [L,R=301]
please tell me if there is something wrong with this approach.
The only set of rules that works for me is the following
# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [R=301,L]
# match non https and redirect to https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
The order matters, it prevents a third redirect in some cases.
With this code I rediret from http and www and none www to https none www. Just pay attenstion that the place you insert the code in htaccess is important:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

Resources