Not that this is exceptionally difficult but I really needed to post this just so I would have a reference in the future.

<VirtualHost *:80>
ServerName your.server.here
ServerAlias your.server.here

RewriteEngine on
RewriteCond  %{REQUEST_URI} (private|secret|goaway)
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]

# The rest of the configuration follows…
</VirtualHost>

<VirtualHost *:443>
ServerName your.server.here
ServerAlias your.server.here

RewriteEngine on
RewriteCond  %{REQUEST_URI} !(private|secret|goaway)
RewriteRule ^(.*)$ http://%{SERVER_NAME}$1 [L,R]

# The rest of the configuration follows…
</VirtualHost>

Essentially any requests for private, secret, or goaway will get punted to https while all others will be handle as non-SSL.  In the 443 block, to make sure that you aren’t using SSL for assets that don’t require it we check again this time to see if it is not the listed directories and punt them back to non-SSL. This can also be used in htaccess.

Tags: Apache, mod_rewrite, SSL

This entry was posted on Tuesday, December 30th, 2008 at 2:39 pm and is filed under Sysadmin. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.