- Code: Select all
# Redirect secure pages to HTTPS if requested with HTTP
# IF uri does NOT contain a .css file AND...
# IF server port is NOT 443 AND...
# IF the uri contains login.php OR edit_billing.php OR etc...
# THEN make it secure with https
RewriteCond %{REQUEST_URI} !^/(style\.css|urchin\.js)$
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} ^/(login\.php|edit_billing\.php)$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
#
# Redirect non-secure pages to HTTP if requested by HTTPS
# IF uri does NOT contain a .css file AND...
# IF port is 443 AND...
# IF the uri does NOT contain login.php OR edit_billing.php OR etc...
# THEN make it insecure
RewriteCond %{REQUEST_URI} !^/(style\.css|urchin\.js)$
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/(login\.php|edit_billing\.php)$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
Just to be totally redundant, firefox displays the coveted padlock, https shows in the title bar, and there are no hickups. 100% secure...
However, IE is a different story. I tested it in IE, version 6.0, with default install; you know, the config that automatically warns you when traversing from http to https and vis versa. So here's what happens when I go to the following uri:
http://www.example.com/login.php
1) A normal IE warning: "you are about to view pages over a secure connection". This is normal.
2) The page loads, with the new uri as expected (https://www.example.com/login.php) without any logos.
3) A message pops up that says: "you are about to leave a secure connection..."
4) That happens for each gif (2 are in an external css file, 2 are normal img calls)... so for me, I click yes to four "insecure" messages....
5) No padlock, and definitely no buyer confidence
Any help would be tremendously appreciated! (as I've searched high and lo, to and fro for the solution).