[eluser]Unknown[/eluser]
Hi all,
I'm having issues trying to set up my htaccess file to force the user off SSL when it is not required. I have managed to get it to force the user to use SSL in the controllers that require it (admin, account, application), but once they are using SSL they are on it for the entire site. Ideally I would like the user to be pushed back to http on the pages not in the controllers defined.
Code:
RewriteEngine On
RewriteBase /
RewriteCond %{SERVER_PORT} !=443
RewriteCond %{REQUEST_URI} ^/(admin|account|application)
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L]
RewriteCond %{SERVER_PORT} !=80
RewriteCond %{REQUEST_URI} !^/(admin|account|application)
RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
If I remove the middle rule set then it works as I described, but adding the middle rule not only stops the SSL redirect but also adds 'index.php?/' to the URL of the SSL pages.
Any help would be greatly appreciated, I'm sure it's something simple I'm missing, I just don't know what!