# Prevent /sns from using https but this DOES need codeigniter rewriting (see below)
RewriteCond %{REQUEST_URI} !^/(sns)/
If the request URL does not end with a trailing slash (as stated), then the above rule (which includes the trailing slash on the CondPattern) will always be successful (it's a negated condition), so the redirect to HTTPS will always occur.
Ideally, you should be canonicalising the trailing slash earlier in the request. Either include the trailing slash or not (otherwise, it's essentially duplicate content and could potentially cause problems with other scripts that parse the URL).
However, to handle the two URLs /sns
and /sns/
then you need to make the trailing slash optional and include the end-of-string anchor (^
). For example:
RewriteCond %{REQUEST_URI} !^/sns/?$
Note that this only matches the two URLs stated. It will not match a URL of the form /sns/<something>
.
I've removed the parentheses around the path segment (you should also remove other parentheses in your regex). This creates a captured group and is superfluous in the directives you have posted.
UPDATE: You'll also need an additional check to make sure the rewritten URL (ie. /index.php/sns
) is not redirected. You can do this in a more general way by only applying the HTTPS redirect on the initial request, not the rewritten request, by including an additional condition:
# Only applies to direct requests (not rewritten requests)
RewriteCond {%ENV:REDIRECT_STATUS} ^$
The REDIRECT_STATUS
environment variable is set to "200" after the first successful rewrite (ie. the CodeIgniter routing). It is not set on the initial request (ie. ^$
- empty string).
If this still results in a redirect then it's possible that CodeIgniter itself is triggering the redirect (after .htaccess
has been processed).
RewriteRule ^(.*)$ ./index.php/$1 [L,QSA]
Aside: And as noted in my comment, you should remove the ./
prefix on the RewriteRule
susbtitution. See the end of my answer on this StackOverflow question for an explanation.
Summary
Options +FollowSymlinks
RewriteEngine On
# Block hidden directories
RewriteRule ^\. - [F]
# Only applies to direct requests (not rewritten requests)
RewriteCond {%ENV:REDIRECT_STATUS} ^$
# Prevent /health_check.php from using https
RewriteCond %{REQUEST_URI} !health_check\.php$
# Prevent /sns from using https but this DOES need codeigniter rewriting (see below)
RewriteCond %{REQUEST_URI} !^/sns/?$
# Reroute http to https
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Prevent rewriting of domain for codeigniter
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
The HTTP to HTTPS redirect should ultimately be a 301 (permanent) redirect, but only once you have confirmed it's working OK. The R
flag on its own defaults to a 302 (temporary) redirect.
(You don't need the <IfModule>
wrapper either, unless you site is intended to work without mod_rewrite?)