Apache Redirect only when entering a password

Question

I setup phpMyID on one of my machines, and I'm trying to get apache to redirect to HTTPS only when a password is being submitted. I am doing this as my original setup of redirecting all openid traffic didn't work stackoverflow doesn't like my self signed certificate. This is the new rule I've written, but its not working:

RewriteRule http://%{SERVER_NAME}/openid/index.php(\?.+)$ https://%{SERVER_NAME}/openid/index.php$1

Answer 1

You need to use a Cond to test for both port (http or httpd) and query string:

RewriteCond %{SERVER_PORT} 80
RewriteCond %{QUERY_STRING} (.+)
RewriteRule /openid/index.php https://%{SERVER_NAME}/openid/index.php?%1

if on .htaccess you must use instead

RewriteCond %{SERVER_PORT} 80
RewriteCond %{QUERY_STRING} (.+)
RewriteRule openid/index.php https://%{SERVER_NAME}/openid/index.php?%1

Answer 2

A better solution would be:

    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^openid/index\.php$ https://%{SERVER_NAME}/openid/index.php

Explaination: RewriteCond %{SERVER_PORT} 80 does also match ports that just include 80. The same applies to the pattern openid/index.php (where “.” also can be any character). And appending the query is not necessary since mod_rewrite automatically appends the originally requested query to the substitute unless the query of the substitute is given.