Shay,
I would have gone about it the opposite way:
- Deal only with scripts, i.e., .php if you’re using PHP scripts or .html if you’re using HTML pages
1a. If not register\.php AND not checkout\.php AND %{SERVER_PORT} ^443$, redirect .*\.(php|html)$ to http://%{HTTP_HOST}%{REQUEST_URI}
1b. If register\.php OR checkout\.php AND %{SERVER_PORT} ^80$, redirect to https://%{HTTP_HOST}%{REQUEST_URI}
(Based on the way that Apache handled leading /'s with the introduction of Apache 2, your !/{whatever} should always be true. You’ve made the leading / optional in the html => php which is acceptable in both versions.)
That way, you don’t need to worry about support files
Problem:
#excludes directory from my rewrite rules
RewriteRule ^(admin|library|images|lab|blog|mailer|apps|media|phpmailer|partners|account|lib)($|/) - [L]
Sorry, that doesn’t It gives a passthrough which will probably be loopy (because it does nothing but match each time. If you want to excuse those directoreis from the following rules, use the Skip flag (as demonstrated in my signature’s tutorial when discussing flags).
RewriteRule (.*)/(.*)-(.*)/(.*)\\.html$ details.php?name=$2&storeID=$3&cmspage=$4
RewriteRule (.*)/(.*)-(.*)\\.html$ details.php?name=$2&storeID=$3
Oh, my! I don’t see anything major wrong but those are lacking the Last flags (probably not required) and the :kaioken: EVERYTHING :kaioken: atoms are known troublemakers as they’ll match EVERYTHING or NOTHING. The extra characters specified should keep you out of trouble but I prefer to specify the allowed characters to avoid unexpected problems.
#Regular Content Pages from CMS
RewriteRule ^/?([a-zA-z0-9_]+).html$ page.php?pg=$1
Same comments as above, i.e., if you know your Apache version use ^/ for Apache 1 or ^ for Apache 2. Your character range definition is fine but you’re again missing the Last flag. While not required, it should be (IMHO).
As for security of the scripts, I’d not worry about the support files (as long as you’re simply referencing them with relative links AND you’re not forcing them either to or away from %{HTTPS} on (server port 443 or 80).
Regards,
DK