- Code: Select all
RewriteEngine On
RewriteBase /
Options FollowSymLinks
RewriteCond %{HTTPS} =off
RewriteRule ^(client_area|logged_in|download)(.*) https://%{SERVER_NAME}/$1$2 [R=301,L]
#RewriteCond %{HTTPS} =on
#RewriteRule !^(images|css|js|client_area|logged_in|download)(.*) http://%{SERVER_NAME}/$1$2 [R=301,L]
RewriteRule ^$ index.php?page=home
RewriteRule ^logged_in/logout\.html$ index.php?cmd=logout [L]
RewriteRule ^download/([0-9]{8})$ download.php?id=$1 [L]
RewriteRule ^([a-z0-9_-]+)\.html$ index.php?page=$1 [QSA]
RewriteRule ^([a-z0-9_-]+)/([a-z0-9_-]+)\.html$ index.php?page=$1&sub=$2 [QSA]
RewriteRule ^external/([a-z0-9_-]+)\.html$ $1.php
When I uncomment my second block starting with RewriteCond, the addresses that I wanted to secure are rewritten to include query strings that I am trying to initially hide with mod_rewrite.
For example, if I were to navigate to http://www.foo.com/logged_in.html it gets rewritten to http://www.foo.com/?page=logged_in where as if I were to comment out that block, it correctly gets rewritten to https://www.foo.com/logged_in.html but the user stays under https for the rest of the visit.
Any ideas or suggestions would be most welcome.