From df43214cdce1f474fa11ab1c1752fdd28a2ae19e Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Mon, 14 Apr 2014 22:53:49 +0200
Subject: an initial https connection might still end up as http on the
 backend. in that case we don't want to redirect

---
 templates/vhosts/php_silverstripe/partial.erb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'templates/vhosts/php_silverstripe/partial.erb')

diff --git a/templates/vhosts/php_silverstripe/partial.erb b/templates/vhosts/php_silverstripe/partial.erb
index 89a6052..9ff32db 100644
--- a/templates/vhosts/php_silverstripe/partial.erb
+++ b/templates/vhosts/php_silverstripe/partial.erb
@@ -1,9 +1,10 @@
-<% if vhost_part != :ssl && ![false,'false'].include?(ssl_mode) -%>
     # silverstripe
-    RedirectMatch /admin(.*) https://<%= servername %>/admin$1
-    RedirectMatch /Security(.*) https://<%= servername %>/Security$1
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteCond %{HTTP:X-Forwarded-Proto} !=https
+    RewriteRule /admin(.*) https://<%= servername %>/admin$1 [L,R,NE]
+    RewriteRule /Security(.*) https://<%= servername %>/Security$1 [L,R,NE]
 
-<% end -%>
     <Directory "<%= documentroot %>/">
 
 <%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %>
-- 
cgit v1.2.3