• 9
name Punditsdkoslkdosdkoskdo

Force SSL on one page via .htaccess without looping

Okay, I have this code:

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/borrowing/ill/request\.php$
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

The way I would expect this to work is:

  1. A request for /borrowing/ill/request.php comes in on HTTP.
  2. The rule matches.
  3. The server redirects to HTTPS.
  4. The rule does not match, because HTTPS is now on.

The way it actually works is:

  1. A request for /borrowing/ill/request.php comes in on HTTP.
  2. The rule matches.
  3. The server redirects to HTTPS.
  4. The rule matches.
  5. The server redirects to HTTPS.
  6. The rule matches.
  7. The server redirects to HTTPS ...

And so on.

I know that the second condition (matching the file name) is working, because the redirect loop only hits that specific page. The question is, why isn't the switch to HTTPS causing the first condition to not match?


I put the exact same .htaccess rules into a test area on another server -- same file and path info. And they worked just fine. There's got to be something wrong with the server configuration elsewhere.

      • 2
    • If you enable verbose rewrite logging (via RewriteLog and RewriteLogLevel), do you see anything unexpected?
      • 1
    • I sure wish I could -- my only access to the server is through a crappy web-based interface built into a half-baked CMS. I can create and upload directories/files, but it does not offer any way to control their perms. It sucks.
    • @Will Where does this .htaccess located -- in website root folder ... or subfolder? Also -- can you upload any custom php script and execute it? You could try to use it to read the rewrite debug log and display it in browser...

It turns out that there is nothing wrong with the code above. The problem is that the server I was executing it on is talking to a load balancer which only communicates on port 80.

So, the HTTPS request comes in on port 443, hits the load balancer, which redirects it to port 80. Then the web server redirects it back to 443, which gets redirected to 80, to 443, to 80, to 443 ...

So, the fix is to report it to the person who maintains the load balancer and hope they can figure it out.

Thanks for the help anyway, you've all been very patient.

  • 1
Reply Report
    • Thanks for leaving the answer to your problem for other people. You can go ahead and accept your own answer if you like.

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags