How to redirect traffic to http

.htaccess apache-2.2 https

I have an Apache server under a proxy that can run HTTPS. Instead of sending the HTTPS=on header, it sends HTTP_X_FORWARDED_PROTO=https.

I want to write an .htaccess rule that redirects all requests from https to http unless the URL is /user/login.

What I've come up with is along these lines (which causes an infinite loop):

RewriteCond %{HTTP:http_x_forwarded_proto} !http
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Best Answer

The problem with your redirect rule is probably that you're duplicating the "http_" prefix. This shouldn't be necessary. If you have a reverse proxy in front of your server (such as an F5 or nginx), the header will be "X-Forwarded-Proto", or sometimes "X-Forwarded_Proto". To reference these in a rewrite rule, use %{HTTP:Name-Of-Header} (the name is not case-sensitive).

For the most robust rewrite that works in all situations, use something like this:

# Make sure all SSL pages for dot-com are redirected to HTTP.
RewriteCond %{SERVER_PORT} 443 [OR]
RewriteCond %{HTTPS} on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} https [OR]
RewriteCond %{HTTP:X-Forwarded_Proto} https
RewriteRule (.*) http://%{HTTP_HOST}/$1 [R=301,L]

Some more detail about using headers in RewriteCond is given in the Apache mod_rewrite documentation.
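
The question's requirement combined with the header name from the answer, as an added example that is not part of the original question or answer: redirect to HTTP only when the proxy reports HTTPS and the path is not /user/login. It assumes every request arrives through the proxy, that the proxy always sets or overwrites X-Forwarded-Proto (a value passed through from the client cannot be trusted), and that /user/login is an exact path; the second rule, which sends the login page to HTTPS, goes beyond what was asked.

```apache
RewriteEngine On

# Why the rule in the question looped:
#   %{HTTP:http_x_forwarded_proto} looks up a request header literally named
#   "http_x_forwarded_proto". No such header is sent, so the test string is
#   empty, "!http" is always true, and every request is redirected again,
#   including the plain-HTTP request that follows the redirect.
#   Note also that "http" is an unanchored regex and matches inside "https",
#   so "!http" cannot tell the two schemes apart even with the right name.

# Rule 1: HTTPS -> HTTP for everything except the login page.
# REQUEST_URI is the path with its leading slash and without the query string.
RewriteCond %{REQUEST_URI} !^/user/login/?$
# Anchored match, so only the exact value "https" triggers the redirect.
RewriteCond %{HTTP:X-Forwarded-Proto} ^https$ [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Rule 2 (assumption, not asked for in the question): keep the login page
# on HTTPS. An absent header is treated as plain HTTP, which is only correct
# when no client can reach Apache without going through the proxy.
RewriteCond %{REQUEST_URI} ^/user/login/?$
RewriteCond %{HTTP:X-Forwarded-Proto} !^https$ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```

The two rules match disjoint paths, so neither can undo the other's redirect. Browsers cache 301 responses, so testing with R=302 first avoids a stale redirect surviving a rule change.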