Mod_rewrite redirect from HTTPS to HTTP

I have a site that is generally viewed under HTTP, but for a signup form I want it to be under HTTPS. I have the redirect from HTTP to HTTPS working fine, but I'm running into some issues redirecting back to HTTP when a relative link to another part of the site is clicked. My rewrite for the SSL Virtual Host looks like this:

RewriteEngine On
RewriteRule /order_now(.*) /order_now$1 [PT,L]
RewriteRule ^(.*)$ http://www.mydomain.com [R=301]

This is working as far as the redirect is concerned - links that are supposed to go back to HTTP do, and the site stays on HTTPS within the order_now section. The problem is the HTTPS pages arent loading any of the css or javascript that are loaded via relative links (<script type="text/javascript" src="../includes/js/jquery.js"></script>, for example) - those files live in the HTTP portion of the site. The SSL is also showing up as only partially encrypted. Is there a way around this?

Thanks,
Steve
movefilesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

HonorGodSoftware EngineerCommented:
What is to keep someone from "bookmarking" one of the http URLs that are returned after authentication?  This would allow the unauthenticated URL to be shared with someone...  not a very secure idea.
0
movefilesAuthor Commented:
There is no login or authentication, this is just a form where they enter their personal info that we want encrypted, after that they can view the non-HTTP part of the site as they did before. I just want to force the order_now section to be HTTPS, the rest of the site should be HTTP.
0
Artysystem administratorCommented:
The problem with '../includes/js/jquery.js' is that, when called say from https://mysite.com/order_now  it expands to
https://mysite.com/order_now../includes/js/jquery.js

there are two problems with such expansion:
1) this file (/order_now../includes/js/jquery.js) doesn't exist, because there is no trailing '/' in original request
2) even with correct '/' this URL also matches '/order_now(.*)' pattern and will not ne redirected to http.


So my suggestion is to include '/' in RewriteRule and to handle '../' separately, like:
 
RewriteRule /order_now/\.\./(.*) http://www.mydomain.com [R=301]
RewriteRule /order_now/(.*) /order_now/$1 [PT,L]
RewriteRule ^(.*)$ http://www.mydomain.com [R=301]

if you have more then 1 directory level below /order_now/ you should add more rules for that.

0
movefilesAuthor Commented:
The solution that ended up working for me:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule order_now/(.*) https://%{HTTP_HOST}%{REQUEST_URI}

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.