I have an apache server under a proxy that can run HTTPS. Instead of sending the HTTPS=on header, it sends HTTP_X_FORWARDED_PROTO=https.
I want to write an .htaccess rule that redirects all requests from https to http unless the URL is /user/login.
What I've come up with is around these lines (which does an infinite loop):
RewriteCond %{HTTP:http_x_forwarded_proto} !http
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Best Answer
The problem with your redirect rule is probably that you're duplicating the "http_" prefix. This shouldn't be necessary. If you have a reverse proxy infront of your server (such as an F5 or nginx), the header will be "X-Forwarded-Proto", or some times "X-Forwarded_Proto". To reference these in a rewrite rule, use %{HTTP:Name-Of-Header} (case is not sensitive).
For the most robust rewrite that works in all situations, use something like this:
Some more detail about using headers in RewriteCond is given in the Apache mod_rewrite documentation.