I've got the follow problem.

I have a website and for the directories /members and /admin I have a .htaccess which forces these URLs to go to https:// All other URLs are forced to go to normal https://

Now, for /members which is https:// I have in the pages a reference to /js/script.js which in imported into the page, but ofcourse this directory /js is forced to normal http:// while the page is displayed in https://

Internet Explorer users are shown a popup if they want to view non-secure content in the secure page, if they click yes, it's ok. If they click no, then the javascript doesn't work.

The /js is used in the normal http:// website and also in the /members secure website. This also is the case for the /images directory

So i'm not sure how to solve this problem. Other than say that /js and /images can be https or http. But I have no clue on how to configure this in the htaccess file.

Any help would be much appreciated!

This is the htaccess file I use now :

  #Turn SSL on everything, except members and admin
  RewriteCond %{HTTPS} =off
  RewriteCond %{REQUEST_URI}  ^(/members|/admin)
  RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  # Turn SSL off everything, except members and admin
  RewriteCond %{HTTPS} =on
  RewriteCond %{REQUEST_URI} !^(/members|/admin)
  RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

There are quite a few approaches. Here are just a few.

Number 1. Add this before your rules:

# do not do anything for js/css/image files
# (will affect ALL such files in ALL folders)
RewriteRule \.(css|js|jpe?g|gif|png|ico)$ - [L]

The rule above will leave protocol as is for ALL css/js/image files (anywhere on a site)

Number 2. Add this before your rules:

# do not do anything to any files in css/js/images folders
RewriteRule ^(css|js|images)/ - [L]

The rule above will leave protocol as is for ALL files in css/js/image folders (e.g. example.com/js/main.js, example.com/images/logo.png or even example.com/js/compress.php

If you want -- you can combine them into single rule (to be more specific) -- but that is unnecessary (from my point of view).

I faced the same issue an year back. Was able to arrive at a conclusion on my own finally.

Check out my question and answer htaccess (https to http)

In your images and js directories create their own .htacess file with the following in it:-

RewriteEngine off

This will turn off writes for all files in that folder.

In your html do not specify the domain on the links so do /js/myscript.js instead of http://mydomain.com/js/myscript.js this way it will just inherit the same protocol as the page they are viewing it on.