.htaccess - How to set SSL on certain pages (Script needs to be changed)

If you are a little familiar with mod_rewrite and regex, you should not have problems reading these rules - there are comments explaining what this rule is. the rest are the basics of regular expressions:

 Options +FollowSymLinks -MultiViews RewriteEngine On RewriteBase / # force https for /login.php and /register.php RewriteCond %{HTTPS} =off RewriteRule ^(login|register)\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] # don't do anything for images/css/js (leave protocol as is) RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L] # force http for all other URLs RewriteCond %{HTTPS} =on RewriteCond %{REQUEST_URI} !^/(login|register)\.php$ RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] 

• These rules should be placed in .htaccess in the root folder of the site before any other rewrite rules (if any). If they are placed elsewhere, a small adjustment may be required.

• They will

  • run https for /login.php and /register.php ,
  • do nothing for images, CSS styles, and JavaScript files (more precisely, for files with these extensions)
  • and force HTTP for all other urls

• You can easily add other URLs to this list - just change the existing rule by adding an additional file name to the list (the same text in 2 places: 1) to force 2) to exclude)

• File names are case sensitive. Thus, these rules will not work if /login.php requested (Apache will also not service it, since Linux is a case-sensitive OS), so there is no need to worry here.

• The obvious thing: mod_rewrite must be enabled, and .htaccess files must be processed by Apache (some web hosting companies disable them for performance and security reasons).