Hey everyone, I’ve got a user area and admin area of the site that I’d like to require SSL using htaccess. I have been having trouble getting this to work and I was hoping someone might be able to spot my mistake. Here is my htaccess:
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/(user|admin)
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [NC,R=301,L]
RewriteCond %{SERVER_PORT} 443
RewriteCond %{REQUEST_URI} !^/(user|admin)
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [NC,R=301,L]
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php
Whenever I go to the user or admin area, though, it just redirects me all the way back to the homepage of the site (index.php). So, a few questions. First, is a 301 redirect the correct one to use when transferring someone to SSL? Second, what could I be doing wrong here? I looked at the rewrite log and it’s correctly doing an 301 redirect to the https version, then shows the internal redirect for rewriting to index.php, but then there’s another 301 redirect happening for some reason to bring you to the index.php page.