Hi,

Currently my server forces https regardless of the URI.
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I need to to not apply https if the url has a subdomain, i.e

http://test.domain.com

would not use SSL. Of course www.domain.com still needs to work?

I've tried to no avail, anyone help?

Thanks

JamesG wrote:
> Hi,
>
> Currently my server forces https regardless of the URI.
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>
> I need to to not apply https if the url has a subdomain, i.e
>
> http://test.domain.com
>
> would not use SSL. Of course www.domain.com still needs to work?
>
> I've tried to no avail, anyone help?
>
> Thanks
>

Add another RewriteCond to specify the host (untested):

RewriteCond %{HTTP_HOST} ^www\.domain\.com$ [NC]
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI}

Jim

On Oct 23, 11:27 pm, Jim Hayter <see.reply... [at] nowhere.invalid> wrote:
> JamesG wrote:
> > Hi,
>
> > Currently my server forces https regardless of the URI.
> > RewriteCond %{HTTPS} off
> > RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>
> > I need to to not apply https if the url has a subdomain, i.e
>
> >http://test.domain.com
>
> > would not use SSL. Of coursewww.domain.comstill needs to work?
>
> > I've tried to no avail, anyone help?
>
> > Thanks
>
> Add another RewriteCond to specify the host (untested):
>
> RewriteCond %{HTTP_HOST} ^www\.domain\.com$ [NC]
> RewriteCond %{HTTPS} off
> RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI}
>
> Jim

Hi Jim,

Thanks for this suggestion.
This is great but there is an issue in IE7, where if the user types:
https://www.subdomain.domain.com, they get a security error.

Since this subdomain is just forwarded to https://www.domain.com/v1/subdomain
is it possible to redirect this to http://www.subdomain.domain.com
which will then forward it correctly?

Thanks

JamesG wrote:
> On Oct 23, 11:27 pm, Jim Hayter <see.reply... [at] nowhere.invalid> wrote:
>> JamesG wrote:
>>> Hi,
>>> Currently my server forces https regardless of the URI.
>>> RewriteCond %{HTTPS} off
>>> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>>> I need to to not apply https if the url has a subdomain, i.e
>>> http://test.domain.com
>>> would not use SSL. Of coursewww.domain.comstill needs to work?
>>> I've tried to no avail, anyone help?
>>> Thanks
>> Add another RewriteCond to specify the host (untested):
>>
>> RewriteCond %{HTTP_HOST} ^www\.domain\.com$ [NC]
>> RewriteCond %{HTTPS} off
>> RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI}
>>
>> Jim
>
> Hi Jim,
>
> Thanks for this suggestion.
> This is great but there is an issue in IE7, where if the user types:
> https://www.subdomain.domain.com, they get a security error.
>
> Since this subdomain is just forwarded to https://www.domain.com/v1/subdomain
> is it possible to redirect this to http://www.subdomain.domain.com
> which will then forward it correctly?
>
> Thanks
>

OK. You want to *not* use SSL. The following will redirect https to
http for all but the main site:

RewriteCond %{HTTP_HOST} ^www\.domain\.com$ [nc]
RewriteCond %{HTTPS} on
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI}

However, this requires that the browser first make the SSL connection to
the web server. Only then can it pass the request to Apache and get the
redirect. If your browser complains that the certificate does not
match the host, I know of only one way to make that go away: get a
wildcard certificate for *.domain.com. Even then, a wildcard is only
good for one "." level of names. It will work for a.domain.com,
b.domain.com, etc but will *not* work for www.a.domain.com.

If this doesn't help, perhaps a little more info on your setup/what you
are trying to accomplish would be useful.

HTH,
Jim