Question
I have been looking everywhere for how to create a rewrite rule that only applies to http:// versions of a website and not the https:// version.
Basically, for a login page I am trying to block all access to the http version so that the user is forced to login through the secure page.
In my situation, the example is:
https://stackoverflow.com/questions/23201665
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianhttp://shop.example.com/admin (Blocked)
https://shop.example.com/admin (Access)
Can anyone help me out with this? And if I am searching the wrong keywords, please do not lower my score. Simply offer me the advice for what to look for and I will remove the question and continue with my searches.
Thanks
EDIT: Another issue is this website is an eCommerce CMS. Therefore, there is only one index.php file and one .htaccess file for the entire website?
Solution
put this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^shop\.example\.com$ [NC]
RewriteRule ^admin - [F,NC]
This will return forbidden error for all the http://shop.example.com/admin requests.
