I have discovered where the origin of the problem is, but I'd still need support to understand how to solve it.

I have tested on a local linux machine the htaccess and the result was the same... testing separately the two https condition statements (on and off) they work correctly redirecting basing on the given RewriteCond regex. When putting together only the redirect from http to https works. Https to http redirect works only if the regex is not matched, else it redirects to http://www.mydomain.tld/index.php

So I finally tried to delete the last htaccess statement and it started to work correctly, but, obviously, it does not find the url, as it does not redirect to the index.php anymore.

It looks like after the correct https redirect the index.php one creates the problem. So I'm asking myself if there is a way to avoid this and make it work correctly.

As I wrote before, this seems to be a common problem of this htaccess, as its behaviour is the same on the test and on the production server (different linux flavours).

I put here the working code:

Options +FollowSymLinks

RewriteEngine on
RewriteBase /

#RewriteCond %{HTTP_HOST} ^mydomain\.tld [NC]
#RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond $1 !^((member|shop)/(?!(index|login))(.*))
RewriteRule ^(.*) http://%{HTTP_HOST}/$1 [L,R=302]

RewriteCond %{HTTPS} off
RewriteCond $1 ^((member|shop)/(?!(index|login))(.*))
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [L,R=302]

#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteRule !\.(js|ico|gif|jpg|png|css|swf|pdf|txt)$ index.php

A method we use to redirect to https is to leave the default Zend Framework .htaccess settings and create an action helper to redirect to https when required. Our action helper code is:

<?php
class RequireSSL extends Zend_Controller_Action_Helper_Abstract
{
    public function direct()
    {
        if(empty($_SERVER['HTTPS']) && $config['billing']['requireSSL'])
        {
            $redirector = $this->getActionController()->getHelper('Redirector');
            $redirector->goToUrlAndExit('https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
        }
    }
}

Then when you are in a controller action that you need to be accessed via HTTPS you simply call this function at the beginning:

$this->_helper->requireSSL();

Also, here is another method for using action helpers that is a little more detailed if you need it:

http://juriansluiman.nl/en/article/110/in-control-of-https-for-action-controllers

Hope that helps!

Finally I have solved it! I persevered in searching the answer because I think that doing it with .htaccess is cleaner, smarter and easy to maintain. The problem was essentially due to the regexp used in the "ssl to non-ssl" block that was not correctly matching the value passed (that is best matched now reading the env variable %{THE_REQUEST}, avoiding, in some cases, an erroneus redirects loop.

I paste here the working code for further reference:

    Options +FollowSymLinks

    RewriteEngine On

    RewriteBase /

    RewriteOptions MaxRedirects=1



    RewriteCond %{HTTP_HOST} ^yoursite\.tld [NC]

    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]



    RewriteCond %{HTTPS} off

    RewriteCond %{THE_REQUEST} ^[A-Z]+\ /((controller1|controller2)/(?!(action1|action2))(.*))\ HTTP/

    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L,R=301]



    RewriteCond %{HTTPS} on

    RewriteCond %{THE_REQUEST} !^[A-Z]+\ /((controller1|controller2)/(?!(action1|action2))(.*))\ HTTP/

    RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [L,R=301]



    RewriteCond %{REQUEST_FILENAME} \.(js|css|ico|gif|jpg|png|swf|txt|pdf)$ [OR]

    RewriteCond %{REQUEST_FILENAME} -s [OR]

    RewriteCond %{REQUEST_FILENAME} -l [OR]

    RewriteCond %{REQUEST_FILENAME} -d

    RewriteRule ^.*$ - [NC,L]



    RewriteCond %{REQUEST_FILENAME} !-f

    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteRule ^.*$ index.php [NC,L]

Try these rules instead (replace appropriate lines):

RewriteCond %{HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^/(member|shop)/ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]

RewriteCond %{HTTPS} off [NC]
RewriteCond %{REQUEST_URI} ^/(member|shop)/ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]

1. These rules a bit simple (HTTPS will be applied to ALL URLs in /member/ and /shop/ controllers (e.g. /member/login, /member/dashboard, /member/orders/15423/invoice etc)
2. Negate ! should be before ^ in RewriteCond directive -- if you want your own rules then replace RewriteCond $1 ^!((member|shop)/(?!(index|login))(.*)) by RewriteCond $1 !^((member|shop)/(?!(index|login))(.*))