I'm new to this community, but I've found it really useful time to time.

I've searched for the answer a lot, but I didn't find anything like I need. I've tried to solve it on my own, but I still get errors, so I hope to find someone that can show me the right way... :-)

I've got a "classic" ZF website, with many controller/action urls that are redirect to index.php with a .htaccess file.

Now, what I need, is to redirect a couple of controller to https ssl connection excluding some actions of both controllers.

The way I was trying to do it is:

Options +FollowSymLinks

RewriteEngine on
RewriteBase /

RewriteCond %{HTTP_HOST} ^mydomain\.tld [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond $1 ^!((member|shop)/(?!(index|login))(.*))
RewriteRule ^(.*) http://%{HTTP_HOST}/$1 [L,R=301]

RewriteCond %{HTTPS} off
RewriteCond $1 ^((member|shop)/(?!(index|login))(.*))
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [L,R=301]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule !\.(js|ico|gif|jpg|png|css|swf|pdf|txt)$ index.php

It seems to work when I go to /member controller But then, when I go to another controller, for example /index or /about it does not redirect to the http connection (port 80), and if I try to change a little the rewrite condition regex it sometimes does a redirect loop and the browser gives me a notice blocking the connection to the site.

Is there anyone that could show me the right synthax to use in my rewrite conditions to allow both the controllers (excluding the given actions) under an https connection and going back to a standard http connection when changing controller?

Thanks in advance.

Alessandro

Try these rules instead (replace appropriate lines):

RewriteCond %{HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^/(member|shop)/ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]

RewriteCond %{HTTPS} off [NC]
RewriteCond %{REQUEST_URI} ^/(member|shop)/ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]

1. These rules a bit simple (HTTPS will be applied to ALL URLs in /member/ and /shop/ controllers (e.g. /member/login, /member/dashboard, /member/orders/15423/invoice etc)
2. Negate ! should be before ^ in RewriteCond directive -- if you want your own rules then replace RewriteCond $1 ^!((member|shop)/(?!(index|login))(.*)) by RewriteCond $1 !^((member|shop)/(?!(index|login))(.*))

A method we use to redirect to https is to leave the default Zend Framework .htaccess settings and create an action helper to redirect to https when required. Our action helper code is:

<?php
class RequireSSL extends Zend_Controller_Action_Helper_Abstract
{
    public function direct()
    {
        if(empty($_SERVER['HTTPS']) && $config['billing']['requireSSL'])
        {
            $redirector = $this->getActionController()->getHelper('Redirector');
            $redirector->goToUrlAndExit('https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
        }
    }
}

Then when you are in a controller action that you need to be accessed via HTTPS you simply call this function at the beginning:

$this->_helper->requireSSL();

Also, here is another method for using action helpers that is a little more detailed if you need it:

http://juriansluiman.nl/en/article/110/in-control-of-https-for-action-controllers

Hope that helps!

I have discovered where the origin of the problem is, but I'd still need support to understand how to solve it.

I have tested on a local linux machine the htaccess and the result was the same... testing separately the two https condition statements (on and off) they work correctly redirecting basing on the given RewriteCond regex. When putting together only the redirect from http to https works. Https to http redirect works only if the regex is not matched, else it redirects to http://www.mydomain.tld/index.php

So I finally tried to delete the last htaccess statement and it started to work correctly, but, obviously, it does not find the url, as it does not redirect to the index.php anymore.

It looks like after the correct https redirect the index.php one creates the problem. So I'm asking myself if there is a way to avoid this and make it work correctly.

As I wrote before, this seems to be a common problem of this htaccess, as its behaviour is the same on the test and on the production server (different linux flavours).

I put here the working code:

Options +FollowSymLinks

RewriteEngine on
RewriteBase /

#RewriteCond %{HTTP_HOST} ^mydomain\.tld [NC]
#RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond $1 !^((member|shop)/(?!(index|login))(.*))
RewriteRule ^(.*) http://%{HTTP_HOST}/$1 [L,R=302]

RewriteCond %{HTTPS} off
RewriteCond $1 ^((member|shop)/(?!(index|login))(.*))
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [L,R=302]

#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteRule !\.(js|ico|gif|jpg|png|css|swf|pdf|txt)$ index.php

Finally I have solved it! I persevered in searching the answer because I think that doing it with .htaccess is cleaner, smarter and easy to maintain. The problem was essentially due to the regexp used in the "ssl to non-ssl" block that was not correctly matching the value passed (that is best matched now reading the env variable %{THE_REQUEST}, avoiding, in some cases, an erroneus redirects loop.

I paste here the working code for further reference:

    Options +FollowSymLinks

    RewriteEngine On

    RewriteBase /

    RewriteOptions MaxRedirects=1



    RewriteCond %{HTTP_HOST} ^yoursite\.tld [NC]

    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]



    RewriteCond %{HTTPS} off

    RewriteCond %{THE_REQUEST} ^[A-Z]+\ /((controller1|controller2)/(?!(action1|action2))(.*))\ HTTP/

    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L,R=301]



    RewriteCond %{HTTPS} on

    RewriteCond %{THE_REQUEST} !^[A-Z]+\ /((controller1|controller2)/(?!(action1|action2))(.*))\ HTTP/

    RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [L,R=301]



    RewriteCond %{REQUEST_FILENAME} \.(js|css|ico|gif|jpg|png|swf|txt|pdf)$ [OR]

    RewriteCond %{REQUEST_FILENAME} -s [OR]

    RewriteCond %{REQUEST_FILENAME} -l [OR]

    RewriteCond %{REQUEST_FILENAME} -d

    RewriteRule ^.*$ - [NC,L]



    RewriteCond %{REQUEST_FILENAME} !-f

    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteRule ^.*$ index.php [NC,L]