Exclude SSL from some paths in HTACCESS?

Hi! I’m new to HTACCESS and all it’s power, and I’m trying to set up SSL on some of my Drupal 7 site. This requires a little rework of the HTACCESS file that’s provided. So far, I got SSL to work on all pages, but there are some paths I’d like to keep regular HTTP and not secure them. Most of these are “outside” my typical Drupal install, but still on the same domain.

For example, on my example.com website, I may have a folder named “extras” with an “list.html” file I don’t want to secure, so going to http://www.example.com/extras/list.html should remain HTTP.

In my HTACCESS file, I have added the following code so that the top of my file looks like this:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^([a-z.]+)?MYDOMAIN.com$ [NC]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+..+.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/.well-known/pki-validation/[A-F0-9]{32}.txt(?: Comodo DCV)?$
RewriteRule .? http://www.%MYDOMAIN.com%{REQUEST_URI} [R=301,L]
# Apache/PHP/Drupal settings:

### MY CODE ###
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    RewriteCond %{HTTP_HOST} !^www.
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### END MY CODE ###

...and it continues...

Please note, I renamed my actual domain with MYDOMAIN.

This is rewriting all my URLs to HTTPS, so that’s working fine. However, I’d like to set up a few exclusions. What is the best approach to take to do this? Is there an “if path is this, then do this” function that would work in my case?

I explored a plugin which could set exceptions but it seems to require a lot of extra work to install and is also not a secure option. It seems others have not had much success with it either, so I’m taking a more manual approach.



Drupal version: 

Source: https://www.drupal.org/taxonomy/term/22/feed