In .htaccess (Apache 2.4.6) file i do this:

RewriteCond %{HTTPS} =off [NC]
RewriteCond %{REQUEST_URI} ^\/(login|checkout)\/?(.*) [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

So, if my user get in http://site/login he is redirected to https://site/login. The same for checkout page.

But, for all others pages i do not want allow access to https protocol. In this cases i want force 301 redirect to http protocol.

For example: If my user access https://site/products i need it redirect him to http://site/products.

So, i added a new RewriteCond negating the regex, like this:

RewriteCond %{HTTPS} =on [NC]
RewriteCond %{REQUEST_URI} ^\/((?!login|checkout))\/?(.*) [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

But it didn't work.

Any ideas for this problem? Tks.

My .htaccess file

Options +FollowSymLinks -MultiViews
DirectoryIndex index.php

RewriteEngine On

# Force HTTP to HTTPS
RewriteCond %{HTTPS} =off [NC]
RewriteCond %{REQUEST_URI} ^/index.php/(login|checkout) [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

# Force HTTPS to HTTP
RewriteCond %{HTTPS} =on [NC]
RewriteCond %{REQUEST_URI} !^/index.php/(login|checkout) [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]

# From /index.php/ to /
RewriteCond %{THE_REQUEST} ^.*/index.php 
RewriteRule ^(.*)index.php/?$ /$1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

The first rule, if my user get in on /index.php/login he is redirected to /login, removing the /index.php/ from URI.

The last rule delegate all calls to index.php for request dispatch (front controller).