Ssl – Force SSL on one page via .htaccess without looping

Okay, I have this code:

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/borrowing/ill/request\.php$
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

The way I would expect this to work is:

A request for /borrowing/ill/request.php comes in on HTTP.
The rule matches.
The server redirects to HTTPS.
The rule does not match, because HTTPS is now on.

The way it actually works is:

A request for /borrowing/ill/request.php comes in on HTTP.
The rule matches.
The server redirects to HTTPS.
The rule matches.
The server redirects to HTTPS.
The rule matches.
The server redirects to HTTPS …

And so on.

I know that the second condition (matching the file name) is working, because the redirect loop only hits that specific page. The question is, why isn't the switch to HTTPS causing the first condition to not match?

EDIT:

I put the exact same .htaccess rules into a test area on another server — same file and path info. And they worked just fine. There's got to be something wrong with the server configuration elsewhere.

Best Answer

It turns out that there is nothing wrong with the code above. The problem is that the server I was executing it on is talking to a load balancer which only communicates on port 80.

So, the HTTPS request comes in on port 443, hits the load balancer, which redirects it to port 80. Then the web server redirects it back to 443, which gets redirected to 80, to 443, to 80, to 443 ...

So, the fix is to report it to the person who maintains the load balancer and hope they can figure it out.

Thanks for the help anyway, you've all been very patient.

Best Answer

Related Solutions

Apache: How to redirect OPTIONS request with .htaccess

How to Force or Redirect to SSL in Nginx

Related Topic