HTTP and HTTPS redirection with exception

Asked

Viewed 1,455 times

4

I have a website on http and added a certificate SSL. I need a script via htaccess that redirects the entire site to https (301 redirect), but a single specific page of the site will need to be accessed via http: Example:

https://meusite.com All pages with https

http://meusite.com/pagina-especifica Just that page without https

In this case, this page can even be accessed via https, but also necessarily need to be accessed via http without redirecting.

I tried this code, but there is error of redirect over. The intention would be to allow the meusite.com/api page to be accessible via both http and https without redirection.

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{REQUEST_URI} !^/(api) [NC] #permite tanto acesso via https quanto http
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This other code below worked perfectly for the 301 redirect of the site, however I am not able to include the exception so that the page /api is also accessible without https:

# BEGIN GD-SSL
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_USER_AGENT} ^(.+)$
RewriteCond %{SERVER_NAME} ^meusite\.com$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Header add Strict-Transport-Security "max-age=300"
</IfModule>
# END GD-SSL
# BEGIN WordPress
  • Hello @Bacco, thanks for responding. I added what I have ready to see if it helps. Basically what I need is a standard 301 redirect code via htaccess from http to https, but I need to include a rule so that only a single specific page of my site is accessible also via http, without redirecting to https.

  • Your logic is going well, only you can’t redirect again if it is already HTTP only. Maybe it would be better to join the cond in a rewriterule only. Only redirect if it is HTTP, And if it’s not /api

  • So, it would be just that "What if it wasn’t /api" that I’m not getting. I’m new at this.

  • Look just really there is the need to leave the API without HTTPS? This API will give access to whom? Third parties or your own system?

1 answer

3

Probably that solves it. It’s similar to its first version, but it has been fixed a != and the https in the RewriteRule

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/api.* [NC] #essa linha é a exceção
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

If redirect were not 301, simply omit the flag R:

RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Take just one example if the exception was a specific domain, for example:

RewriteEngine On 
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC] #exceção pra domain.com
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Note that the parentheses of some situations have been taken, because usually you only make groupings when that piece will be used in the RewriteRule, with the catch groups %1, %2 etc..

Browser other questions tagged

You are not signed in. Login or sign up in order to post.