an initial https connection might still end up as http on the backend. in that case we don't want to redirect

author: mh <mh@immerda.ch> 2014-04-14 22:53:49 +0200
committer: mh <mh@immerda.ch> 2014-04-14 22:53:49 +0200
commit: df43214cdce1f474fa11ab1c1752fdd28a2ae19e (patch)
tree: 46af0ba0c9f0399595111cfd300f839a85977536 /templates/vhosts/php_silverstripe/partial.erb
parent: c0697dae3212159c54e8c2ea8eb4f1a1ae1439a3 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/templates/vhosts/php_silverstripe/partial.erb b/templates/vhosts/php_silverstripe/partial.erb
index 89a6052..9ff32db 100644
--- a/templates/vhosts/php_silverstripe/partial.erb
+++ b/templates/vhosts/php_silverstripe/partial.erb
@@ -1,9 +1,10 @@
-<% if vhost_part != :ssl && ![false,'false'].include?(ssl_mode) -%>
     # silverstripe
-    RedirectMatch /admin(.*) https://<%= servername %>/admin$1
-    RedirectMatch /Security(.*) https://<%= servername %>/Security$1
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteCond %{HTTP:X-Forwarded-Proto} !=https
+    RewriteRule /admin(.*) https://<%= servername %>/admin$1 [L,R,NE]
+    RewriteRule /Security(.*) https://<%= servername %>/Security$1 [L,R,NE]
 
-<% end -%>
     <Directory "<%= documentroot %>/">
 
 <%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %>
author	mh <mh@immerda.ch>	2014-04-14 22:53:49 +0200
committer	mh <mh@immerda.ch>	2014-04-14 22:53:49 +0200
commit	df43214cdce1f474fa11ab1c1752fdd28a2ae19e (patch)
tree	46af0ba0c9f0399595111cfd300f839a85977536 /templates/vhosts/php_silverstripe/partial.erb
parent	c0697dae3212159c54e8c2ea8eb4f1a1ae1439a3 (diff)