Force SSL but exclude certain files.

[norbie]

Hi all,

 

I've running an online shop and would like the /cart/ folder to use SSL only, and all other areas of the site to be non-SSL. This is currently working using the following code:

 

root .htaccess:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{SERVER_PORT} 443
RewriteCond %{REQUEST_URI} !images
RewriteCond %{REQUEST_URI} !includes
RewriteRule ^(.*)$ http://www.domain.com/$1 [R,L]

 

/cart/.htaccess

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.com/cart/$1 [R,L]

 

This all works fine. You can see I have excluded the images and includes folder from this rule - this is because when viewing the cart which includes images, there are SSL errors due to the modrewrite trying to show non-SSL images on an SSL page.

 

The only issue I have currently is I have some files eg. /delivery.php in the root of the site that I have linked to in the cart page using the facebox plugin. The issue is that when I click on these links, they do not load properly (I imagine this is because the facebox plugin is being called from an SSL window).

 

Can anyone see a way around this? Perhaps I need to improve the .htaccess code I've already used?

 

Many thanks.

[cags]

I'm not certain it will work for you but I recently came across the NS flag, perhaps you could have some joy with it.