jeudi 10 mars 2011

mod_rewrite: http to https, https to http except specific files

Let's quote Brian Moore :

"Despite the tons of examples and docs, mod_rewrite is voodoo. Damned cool voodoo, but still voodoo."

Well, it ain't that bad... As long as you know how to use regular expressions and understand how rules are processed by your HTTP server, you're in business.

But on with common requirements and their practical solutions...

So you got your free SSL certificate ;) and you want a complete directory_path to use https:// instead of http://.

This is a .htaccess file you could put in that directory_path:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} directory_path
RewriteRule ^(.*)$ https://%{SERVER_NAME}/directory_path/$1 [R,L]
For example, if this was on the server foo.com and the directory_path was /secure, someone typing http://foo.com/secure would get redirected to https://foo.com/secure.

Now let's say you want all requests for https://foo.com to be rewritten as http://foo.com, except for two specific files, say secure1.php and secure2.php. Here's one way to do it with .htaccess:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^secure1\.php https://%{SERVER_NAME}/secure1\.php [R,L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^secure2\.php https://%{SERVER_NAME}/secure2\.php [R,L]

RewriteCond %{SERVER_PORT} 443
RewriteCond %{REQUEST_URI} !secure1\.php
RewriteCond %{REQUEST_URI} !secure2\.php

RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [R,L]
Ok, this is not the most elegant rule-writing code... We could use rule negation and have a little less rules, but I find the code above explicit and easy to understand - and blog-friendly! :) Also, we explicitly exclude secure1.php and secure2.php from the https:// to http:// RewriteRule, that's because we're using .htaccess and we need to avoid loops, as .htaccess would be read again after the redirect. If we were using per-server context with httpd.conf, we probably wouldn't need this.

Let's finish with Brian Behlendorf's quote :

"The great thing about mod_rewrite is it gives you all the configurability and flexibility of Sendmail. The downside to mod_rewrite is that it gives you all the configurability and flexibility of Sendmail.''
Publié par Alexandre Vovan à 15 h 37
Libellés :

Aucun commentaire:

Publier un commentaire

S'abonner à : Publier des commentaires (Atom)