Redirect entire site from http to https, EXCEPT certain directories?

Man, I have tried everything I can think of and I have scoured the internet looking for an answer. I recently upgraded our server to SSL and so needed a way to redirect all standard http requests to https. I found a simple solution for this, and it works fine. However, we have several legacy IoT devices that no longer work because their config and firmware update directories are also being directed to https, so they can’t see them!

I used code below (.htacess file) originally to do the redirect of the entire site from http to https. It uses the typical (.*) for redirecting everything. I tried various paths and such to try to exclude certain directories and I could never get it to work.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] 

I need all files contained in the directories root/config and root/firmware to be visible from http and not redirected to https. ie:

Can someone PLEASE tell me how to make the condition for redirecting the entire site, but excluding certain directories?

Thank you!

By the way, I have tried this code expecting it to work, but it doesn’t:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/config
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

It still redirects everything to https, even the config directory.

I also tried putting a separate .htacess file in the /config directory that turns off https and that seems to be ignored.

I would have thought that the second comparison parameter should be first.

I am unable to test white tableting :slight_smile:

The AND is implicit (from what I have read), so this would mean in long form:

If HTTPS = off (this request is not SSL)
If the URL is NOT /config (not from the config directory)
Redirect the request to the HTTPS version.

So, this should theoretically work. It does redirect everything, including any access to the config directory, which it should just leave alone.

Well, I solved this issue. It turns out that Firefox got into a state where it refused to clear it’s cache. I tried several “cleaner programs” and they had issues. I ended up rebooting the computer and then using a CCleaner and that cleared over 1GB of cached data. At that point the following code worked:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/config
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]

I used 302 (temporary) instead of 301. I could probably use 301, but I am afraid of things being stored in the cache now. :slight_smile:

1 Like

I have had similar problems and wrote this utility which does not rely upon a local cache:


That is an amazing piece of work! Thank you for sharing that! Man, that would have saved me a TON of time with this! I will use this in future for sure!