I really hope someone knows what I'm doing wrong here, cuz I sure don't!
We have a certain page on our site which has account balance information on it, and we want to make it secure with SSL. But we only want this one particular page to be secure. I have the following in the localhost:80 virtualhost, and it works perfect:
RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} \/account\.php(.*) [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [QSA,L]
However, as you might guess, we want all other pages to just use HTTP. So I stuck this little snippet into my localhost:443 virtualhost:
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/account\.php(.*) [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [QSA,L]
...And that's when the problem happens. I have no problems going back to HTTP, but when I click the link开发者_如何学Go to go to the account page, it changes to HTTPS but I immediately get an error 302 response. I do not get this response when I remove either one of those rewrite rules, it only happens when they are both there.
I have tried replacing [QSA]
with [R]
and [R=301]
, to no avail.
%{HTTPS}
on/off is a bit redundant ;))
So I have two questions:
- Is there something I am forgetting or doing wrong that might be causing this?
- Is using
[QSA]
redundant with$1
? We use theGET
method a lot to specify pages and what not.
Many thanks in advance!!
BrianWhilst it's on here (and not moved to serverfault).. try
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/account\.php https://%{HTTP_HOST}/account.php [R=301,QSA,L]
HTTP/1.1 302 = Found (and is not an error code), but temporarily at another location.
EDIT Actually, whilst you are putting the code in separate VirtualHosts, you may as well do
(In :80)
RewriteRule ^/account\.php https://%{HTTP_HOST}/account.php [R=301,QSA,L]
(in :443)
RewriteCond %{REQUEST_URI} !/account\.php$
RewriteRule ^(.*) http://%{HTTP_HOST}$1 [R=301,QSA,L]
精彩评论