How to force HTTPS on all URL's except one directory /images using .htaccess?
I am using WordPress and we have one directory that is not a WordPress directory /images and we need this directory to be HTTP only everything else should be forced to HTTPS.
In the WordPress settings we have the domain set to HTTP
and in the .htaccess file we have the below.
I can not seem to get this to work. Our host is cloudways if that helps any
# This file was updated by Duplicator on 2018-09-10 16:52:27. See .htaccess.orig for the original .htaccess file.
# Please note that other plugins and resources write to this file. If the time-stamp above is different
# than the current time-stamp on the file system then another resource has updated this file.
# Duplicator only writes to this file once during the install process while running the installer.php file.
#RewriteEngine On
#RewriteCond %{HTTP:X-Forwarded-SSL} !on
#RewriteCond %{REQUEST_URI} ^\/(images)
#RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]
#RewriteCond %{HTTP:X-Forwarded-SSL} =on
#RewriteCond %{REQUEST_URI} !^\/(images)
#RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301]
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# MalCare WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END MalCare WAF
In the wordpress settings we have the domain set to http
If you are wanting to force HTTPS everywhere except for the one directory, which is "outside of WordPress" then the "WordPress Address" and "Site Address" in the WP dashboard should both be set to HTTPS, not HTTP.
#RewriteCond %{HTTP:X-Forwarded-SSL} !on #RewriteCond %{REQUEST_URI} ^\/(images) #RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301] #RewriteCond %{HTTP:X-Forwarded-SSL} =on #RewriteCond %{REQUEST_URI} !^\/(images) #RewriteRule (.*) http://%{HTTP_HOST}/$1 [L,R=301] RewriteEngine On RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
In the root .htaccess file you can redirect to HTTPS everywhere, but make an exception to exclude further processing if the /images/ directory (the one that should remain as HTTP) is requested.
For example:
# Prevent further processing if the "/images" directory is requested
RewriteRule ^images($|/) - [L]
# Redirect everything else to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# BEGIN WordPress
:
No need to repeat the RewriteEngine On directive, since this already occurs later in the file (in the WP section).
Make sure you clear your browser cache before testing and test with 302 (temporary) redirects to avoid caching issues.
This assumes the SSL cert is installed on your application server and you aren't using a proxy/CDN/load balancer that might be managing the SSL connection.
UPDATE: Since the above is still resulting in a redirect-loop it's possible you are behind a proxy server of some kind (either CloudWays - your webhost - or perhaps Cloudflare) that is managing the SSL connection. Try the following instead for the second rule (HTTP to HTTPS redirection):
# Redirect everything else to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
- Simple wordpress ajax query is not working
- Embed each term from a comma separated string of product attributes in a span tag
- Add a message when adding Wordpress Category
- Wordpress redirect specific link to custom link
- How to use template for a WordPress category?
- How to Host videos and Images fast in Wordpress?
- Wordpress 6.6 add button next to publish on custom post type
- WP Plugins install error - Installation failed: Download failed. cURL error 35
- Change Dokan Store Slug and Store Listing Slug
- I got this error "Use of a direct database call is discouraged"
- I want to remove index.php in the link
- Update Booking status to confirmed for cod orders in WooCommerce
- Woocommerce add to cart button redirect to checkout
- Azure Wordpress app service - MySQL flexible server - phpmyadmin - "Cannot log in to the MySQL server" error
- Notice: ob_end_flush(): failed to send buffer of zlib output compression (1) in
- How to fix Lighthouse “Links do not have a discernible name”
- Image height and width not working?
- How do I transfer all child elements to a group div wrappers recursively in jquery?
- Issue with Displaying Custom Post Types in WordPress Loop
- Adding fancy box to a WP theme
- Debug Plugin Installation?
- Create shortcode to show specific nav menu depending on product category
- Get multiple values from checkbox with jquery
- WooCommerce order status hook not triggering
- wp_mail wordpress html with style not aplying
- How to change title when toggle is active in Elementor Page Builder
- How can I get a post by title in Wordpress?
- Access denied for user 'root@localhost' (using password:NO)
- Woocommerce not using the right templates
- Wordpress blog is now showing Install page ? the db is still there and wp-config has correct details