问题
I would like to redirect all frontend requests to secured site https and all admin / backend urls should remain unsecured http. In addition, I use Cloudflare CDN.
My rewrite rules do not work, all queries go to https.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteCond %{REQUEST_URI} !admin
RewriteRule ^ https://example.com%{REQUEST_URI} [L,R=301]
Please help me.
回答1:
It should work fine as you have it, although I would change:
RewriteCond %{REQUEST_URI} !admin
to perhaps:
RewriteCond %{REQUEST_URI} !^/admin/
If that is suitable for your URLs, or:
RewriteCond %{REQUEST_URI} !^/admin
(in case a front-end URL should have 'admin' in it somewhere)
But anyway, you probably just have a redirect cached in your browser from before you got it working. Clear you cache or "forget this site".
Also remove line two, no need to check twice.
But it's a shame not to run your admin over HTTPS too, just for security when logging in to it etc. and transferring confidential data.
Update
Since clearing the cache did not fix it (see comments) recommended enabling logging.
Update 2
Based on discussion in comments, try this:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteCond %{REQUEST_URI} !^(/index\.php)?/admin(/|$)
RewriteRule ^ https://example.com%{REQUEST_URI} [L,R=301]
This is because it looks like your application may be adding /index.php when it generates admin URLs. So this would cover that too.
来源:https://stackoverflow.com/questions/41409604/htaccess-redirect-to-https-except-admin-url