Home/ Questions/Q 6923521
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T10:32:45+00:00

I am using a mod_rewrite to force two pages to use HTTPS, while all

  • 0

I am using a mod_rewrite to force two pages to use HTTPS, while all other pages should remain HTTP. Currently, I can successfully force HTTPS on the pages I need — however, when I try to change all other pages to HTTP, my HTTPS pages become unsecure. I am guessing this is because the rule is changing the URLS for the assets which the HTTPS page is loading for some reason.

Any ideas? Here is the .htaccess file I’m working with.
(Note that the ENV:HTTPS method is required on my host)

# FORCE HTTPS (WORKS JUST FINE)
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteCond %{REQUEST_URI} ^(/index\.php|)/(donate|achdebit)/?$
RewriteRule ^(.*)$ https://www.site.org/$1 [R,NC,L]

# FORCE HTTP (IF ADDED, BREAKS THE SITE)
RewriteCond %{ENV:HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^(/index\.php|)/(donate|achdebit)/?$
RewriteRule ^(.*)$ http://www.site.org/$1 [R,NC,L]
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I believe you are correct when you surmise that the second rule will force assets (css/js etc) that the secure page requests to be redirected to http. To prevent this add the following

    # FORCE HTTP (IF ADDED, BREAKS THE SITE)
RewriteCond %{ENV:HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^(/index\.php|)/(donate|achdebit)/?$
#NEW# only redirect requests that are not for existing files
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ http://www.site.org/$1 [R,NC,L]

    or explicity exclude assets by replacing #new above with

    #only redirect requests that are not for existing files
RewriteCond %{REQUEST_URI} !\.(css|js|png|gif|etc) [NC]
    • 0