0

I have a rule in .htaccess redirecting all HTTP requests to HTTPS.

I need to exclude two specific paths because they are called by a legacy application to download a file, connecting using TLS 1.0 (which is not supported by the web server anymore).

Can you please suggest what should be added to the condition below, to exclude http://wwww.example.com/folder/subfolder/file?

RewriteEngine On  
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]

Already tried to add two lines with no luck:

RewriteCond %{REQUEST_URI} !^/folder/sub/
RewriteCond %{REQUEST_URI} !^/otherfolder/sub/
MrWhite
  • 11,643
  • 4
  • 25
  • 40
RadioLontra
  • 1
  • 1
  • If that is the actual rule you have in `.htaccess` then it's not that rule that is redirecting HTTP requests to HTTPS - you must have "something else" that does that, hence why adding the above conditions (which should work, but apply to different paths as stated in your example) are seemingly not doing anything. (?) Only rules in a _server_ or vHost context will match a slash prefix on the `RewriteRule` _pattern_. – MrWhite May 19 '21 at 15:33
  • 1
    Yes MrWhite you're right, actually these lines in .htaccess are absolutely useless, i could have kept trying for years... Iit look like there's another redirect at a server level, which is under hosting provider control. I'm waiting for their response . I will update the post accordingly – RadioLontra May 20 '21 at 12:59
  • Have you confirmed it is actually an external 3xx "redirect" you are seeing. And not the user-agent that's "upgrading" the request to HTTPS as a result of HSTS, or.... new feature in Firefox and Chrome that auto-upgrades the request to HTTPS (if HTTPS is available)? – MrWhite May 20 '21 at 13:05

0 Answers0