2

I have a SSL certificate installed and running well with Apache 2.2.14. Now, I want to restrict the use of https to just one directory, namely www.example.com/shop. If a user goes to https://www.example.com or any other URL but www.example.com/shop, I want to force http instead of https.

I'm running Wordpress on this site and can't for the life of me figure out how to write the correct rewrite rules for this (I bet simple) scenario. Any help appreciated!

Improve this question
1

3 Answers 3

Reset to default
2

Well, I can't think of any good reason to actively block the use of HTTPS, but this should do it...

RewriteCond %{HTTPS} on RewriteCond %{REQUEST_URI} !^/shop [NC] RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301]
Improve this answer
0
1

A simple rewrite rule would be:

RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

You could also use is the SSLRequireSSL directive in the .htaccess file for that directory to completely bar access to that folder over HTTP even if the rewrite rule gets ignored for some reason.

P.S. I think you can use %{SERVER_PORT_SECURE} in place of %{HTTPS} above.

Improve this answer
1
  • I recommend to use the static server name (e.g. www.example.com) instead of %{HTTP_HOST} in above rewrite rule. Mostly SSL certificates are bound to specific host names and so you can take care of using the correct host name. Commented Apr 28, 2012 at 6:55
1

Couldn't you just use the SSLRequireSSL in the shop directory .htaccess and SSLDenySSL elsewhere?

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.