I couldn't find a edit link.

Could I use something like

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} login.php
RewriteRule ^(.*)$ https://www.domain.com/login.php [R,L]

The reason I ask about the above code, is because the original code which is below, was used to redirect folders.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} somefolder 
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]

Edit:
Just found the edit post button.
I have just tested it, and it seems to work.

Can someone confirm the .htaccess code is good to use?

Change the test from 80 (which also matches 8880 and 8000 as it isn't anchored), to instead be !^443$.

Change the R to R=301.

You also need another ruleset to redirect https requests for other URLs that should be http back to the correct URL version.

This is a question that comes up quite often. There is a lot of sample code if you search for "http https RewriteRule redirect" or somesuch.

Hi,

Thanks for the reply :)
I have made those changes.

I don't need a ruleset to go back to http, as I got the login code to do it for me.

I will do a search in a bit, then bookmark it for future reference.

Thanks again for the reply :)

Reagards,
Crazy BigGaz aka Garry

Imagine that someone maliciously links to a random page on your site as https. Google would index that Duplicate URL.

You need another ruleset to force http wherever https is not needed.

Ah I see, where you coming from.
Will look into that

I don't always say why things should be done a certain way, as it is usually not a good idea to give other readers new ideas for doing bad things.

Thanks again for all the help :D
Will work on that, before I move it over to my live site.

Hi,

This is what I currently got

# HTTPS 301 redirect on login.php and signup.php
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(login.php|signup.php)$ https://%{HTTP_HOST}/$1 [R=301,L]

# HTTP 301 redirect
RewriteCond %{SERVER_PORT} ^443$
RewriteRule !^(login.php|signup.php)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

The only problem is the http 301 redirect is knocking the https symbol from Firefox 4 and IE9

Am I doing something wrong?

If I remove the HTTP 301 redirect bit, it shows fine.

Think I have got it working now

# HTTP 301 redirect
RewriteCond %{SERVER_PORT} ^443$
RewriteCond {REQUEST_URI} !^(login.php|signup.php)$
RewriteRule http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

That last rule can never work. The RegEx pattern is missing in the final line.

Additionally, you should escape the literal periods in the RegEx pattern in the line above.

There are several hundred previous threads discussing this topic. Compare your code to those.

Thanks again for your help.

Can you just take a look and tell me if this is ok, it seems to all working. The HTTPS has always worked, it was just the HTTP one

# HTTPS 301 redirect on login.php and signup.php
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(login.php|signup.php)$ https://%{HTTP_HOST}/$1 [R=301,L]

# HTTP 301 redirect
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/(login.php|signup.php)$
RewriteRule ^$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Something still not 100% right.

I think the problem is the RewriteRule is missing (.*) but if I have that, the browser loses the HTTPS padlock, or badge

Ok just an update.
It looks like the .htaccess code is good, from the tests I have done. My problem with the paddlock disappering seems like an unsecure object is being loaded.

Yes, you must not redirect requests for images, scripts or stylesheets. They must be excluded from redirection so they can be loaded using the same protocol as the HTML page that they are referenced from; add a RewriteCond for this. Link to them with a leading slash and the full path from the root, omitting the protocol and domain name.

The ^$ pattern works only for the root. This should be .* here.

You must also escape the literal periods in the RegEx patterns.

I'd suggest something like this. Note that the "exclusion list" in the second rule may need to be adjusted to suit your site.

RewriteEngine On
#
# Externally redirect http requests for login and signup page to https
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^((login|signup)\.php)$ https://%{HTTP_HOST}/$1 [R=301,L]
#
# Externally redirect https requests for everything except login and signup
# pages and the resources shared between http and https to http
RewriteCond %{SERVER_PORT} =443$
RewriteCond $1 !\.(gif|jpe?g|jpg|png|ico|css|js)$
RewriteCond $1 !^((login|signup)\.php)$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

Note the use of the "exact string match" method used here. When applicable, it is faster than using regex patterns.

If your site uses only one domain, then hard-code the canonical domain name into both of these rules instead of using the HTTP_HOST variables. Again, you do not want duplicate content, and using the HTTP_HOST variable here likely means that the site can, for example, be requested at both example.com and www.example.com and will return the same page. This should be avoided whenever possible by explicitly giving the hostname.

Jim

Hi,

Thanks for the reply Jim.
I have 2 questions:
1. I see in the last rewriterule you use $1 is this the same as %{REQUEST_URI}

2. I have parked domains setup in a 301 so it always redirect to www.main-domain.com or www.main-domain.com/#*$!.php from my parked domains.

Do I need to use HTTP_HOST due to the parked domains, or as I 301 them, do I hard code my domain name instead?

Regards,
Garry

1. Request_URI is the same as /$1 and it is not exactly $1.

2. Whatever you do, from request to final page view, there should be one single redirect. Avoid a multiple-step redirection chain for any request.