By FreshJones on

Trying to create a rewrite that will force Drupal to apply https on only one section of a site: /admin, and force http on the rest of the site.

Here's what I have so far

#force /admin to use https only
rewriteCond %{SERVER_PORT} ^80$
rewriteCond %{REQUEST_URI} ^/(admin)
rewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

#force http only on all but admin
rewriteCond %{SERVER_PORT} ^443$
rewriteCond %{REQUEST_URI} !^/(admin)
rewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

#Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

this seems like it should work, and will work for http redirects however when the url contains "www.example.com/admin" the site will hit both redirect rules, forces two 301 redirects and ends up as:

http://www.example.com/index.php?=admin

instead of

https://www.example.com/admin

It seems like the ! is being ignored because if I use:

#force http only on all but admin
rewriteCond %{SERVER_PORT} ^443$
rewriteCond %{REQUEST_URI} ^/(user|node|anyother)
rewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

it works fine. I really don't want to have to list every single directory out though if a simple !/admin would work. Plus how would I account for the homepage as just www.example.com? the rule would not apply there and not redirect the homepage back to http or would create an infinate loop with the force https rule

any help would be great! I've tried a million different ways to get this to work and can't.

thanks

Categories: Drupal 6.x

Comments

Road Runner’s picture

Road Runner commented

Module Secure Pages might make your job easier.

zorroposada’s picture

zorroposada commented

I am having the exact same problem here.

It seems that the clean urls stop working when I try to exclude one section of the site from the secure pages.

Here is what I have:

  # https to http
  RewriteCond %{QUERY_STRING} !^q=mysection/ [NC]
  RewriteCond %{HTTP_HOST} ^secure\.(.*)\.(.*)$ [NC]
  RewriteRule ^(.*)$ http://www\.%1\.%2%{REQUEST_URI} [L,R=301]

  # http to https
  RewriteCond %{HTTPS} !=on
  RewriteCond %{QUERY_STRING} ^q=mysection/ [NC]
  RewriteCond %{HTTP_HOST} ^www\.(.*)\.(.*)$ [NC]
  RewriteRule ^(.*)$ http://secure\.%1\.%2%{REQUEST_URI} [L,R=301]

It almost works, but the secure pages urls are not clean.

When I go from http://www.mysite.com/home to https://secure.mysite.com/mysection/page1 then the URL shows up like https://secure.mysite.com/index.php?q=mysection/page1

I need help with this.