Apache rewrite rule to redirect https to http for pages you don’t need https


You are using your Rails 3.2.x application with Apache and you have setup force_ssl in one of your controllers (ie payments), that you want to force the application to use ssl. But after you set it up, and you go to one of the actions for that controller, every subsequent page you follow still uses the https protocol, even if you don’t want them to.
So you need a way to force the serving of pages in http.


You can use a redirection in your SSL apache conf file, and specify that when it doesn’t match the sections (controller,actions) you specify it should be redirected to http.
Note that RewriteCond in Apache are by default ANDed when they are in subsequent lines so you can add more conditions and that you can use [OR] if you want to perform an OR logic operation.
So by adding the following in your virtual host for the 443 port (ssl), and apply the changes it should be working as expected:

# Add https to http redirection
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/controller_you_want_ssl.*
RewriteRule (.*)  http://%{HTTP_HOST}%{REQUEST_URI}