I've got a client site hosted on PagodaBox (Laravel 4) and it is serving https request with a certificate warning. The client's internal applications expect any https traffic to fail on the web host and follow through to their internal gateway.
Is it possible to disallow all HTTPS request from within an htaccess file? Redirecting will not work in this case. We cannot modify the httpd.conf so it looks like .htaccess is the only option.
So far, I've tried this and the site will still accept HTTPS request:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} off
This will never work. The SSL connection has to be established FIRST, before the HTTP layer is ever processed. That means your users will STILL get a certificate warning, and then get redirected.
In real world terms, you've got a box giftwrapped with razor wire. They have to get through the razor wire (your cert warnings) so they can see that box contains a note saying "present is under bed".
Your rewrite is basically saying "If https is off, then do nothing". You have no RewriteRule, which is where the actual rewriting occurs. And since on an SSL-enabled site HTTPS would never be off, the RewriteCond would never match to start with.