mod_rewrite - exclude urls

Question

I need a mod_rewrite to redirect all http requests to https, but I want do exclude some URLs

#   force https
RewriteCond %{HTTPS}            off
RewriteCond %{HTTP_HOST}        ^secure\. [NC]
RewriteCond %{REQUEST_URI}      !gateway_callback [NC]
RewriteRule ^.                  https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,QSA]

All URLs which match gateway_callback must be excluded

This URL should not be redirected, but it does!?

http://secure.localhost/da/gateway_callback/29/

Have tried to flush DNS cache in the browser, but the URL is still redirected to https

Answer 1

The main problem with your config is that the REQUEST_URI variable contains everything after and including the forward slash. The third RewriteCond statement needs to be updated to something like the following:

RewriteCond %{REQUEST_URI} !^/da/gateway_callback/.*$ [NC]

This should match the example you have provided. If the URI does not always start with /da/ then you might need to put in a wildcard:

RewriteCond %{REQUEST_URI} !^/[^/]+/gateway_callback/.*$ [NC]

where the [^/]+ matches one or more characters which is not a forward slash.

I would recommend always using the regex anchors wherever possible as it removes ambiguity. The original RewriteCond attempting to match REQUEST_URI does not use them, which can confuse admins at a casual glance.

Also note that all related examples for the RewriteCond and RewriteRule directives in the official documentation use the start anchor.