.htaccess force ssl when not www
I have a site which uses ssl when accessing a subdomain which essentially is hosting the actual app, whereas the front end site is present at www, which I don't want to use ssl. So this would allow:
http://www.domain.com
but if somebody types:
http://secure.domain.com
they get forced to:
https://secure.domain.com
which when using this subdomain doesn't allow any non-ssl traffic.
Currently I have this in my .htaccess file:
RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]
RewriteCond "%{HTTP_HOST}" !^www.* [NC]
RewriteCond "%{HTTP_HOST}" ^([^\.]+).*$
RewriteRule ^(.*)$ https://secure.domain.com/a/login/%1 [R=301,L]
This works fine, but if I then edit the URI to remove the s from https it still loads the page but without ssl.
If I add:
SSLOptions +StrictRequire
SSLRequireSSL
to the top of the .htaccess file then it always forces the traffic to ssl, but that is for all s开发者_C百科ubdomains including www.
Is there a way to catch only the non-www traffic and force that to use ssl?
EDIT:
To clarify:
For example, if you are at:
https://secure.domain.com/a/login/test
and the edit the URI to be
http://secure.domain.com/a/login/test
then it still loads the page but not using ssl. But if I use
SSLRequireSSL
then it forces the requirement for the entire site, and I don't want to use ssl at
http://www.domain.com
SOLVED
After a bit of tweaking I have now solved this issue. What I did was edit the .htaccess file that was in the subdirectory where the application is: https://secure.domain.com/a/login/test and set it to detect if ssl was being used or not (I should add the rest of the .htaccess file is for the benefit of CodeIgniter):
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on
RewriteCond $1 !^(index\.php|images|includes|css|js|robots\.txt|favicon\.ico)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
加载中,请稍侯......
精彩评论