httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Beau Hebert" <bheb...@c-quential.com>
Subject RE: [users@httpd] HTTP to HTTPS using mod_rewrite
Date Thu, 15 May 2003 18:36:42 GMT
Not sure if the Redirect solution is quite the one I'm looking for. It
could be, but as stated, I'm somewhat of a newbie...I'm attempting to
redirect all http requests to https. As it stands, if you enter the site
at http://domain.com, the visitor is redirected to https://domain.com.
I've got Listeners on ports 80 and 443, as well as Virtual Hosts for
both. Ultimately, what I would like to happen is that if for some
reason, during a session, someone attempted to take the 's' away from
https in say https://domain/login.jsp and tried to simply access
http://domain/login.jsp they would automatically be redirected back to
https://domain/login.jsp (I would like this to happen on any and all
pages in the site). As it stands now, I can turn off port 80 in which
the visitor gets a 'page cannot be displayed'. The redirect solution
seems only to redirect any given port 80 request to the https domain's
homepage (i.e.  Redirect / https://server-name/) , and doesn’t seem to
be intuitive enough as to keep the user on the page that they are on and
simply turn all http requests into https. Am I making sense? I'm
starting to confuse myself.... Succinctly put, should the user attempt
to tamper with the URL, I'd like all http requests rewritten to https
and keep the user on the same page that they are on. Thanks for the
help. 

Beau

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
Sent: Thursday, May 15, 2003 11:10 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] HTTP to HTTPS using mod_rewrite


>-----Original Message-----
>From: Beau Hebert [mailto:bhebert@c-quential.com]
>
>I've been assigned the task of redirecting all incoming http
>requests to
>https. Problem is, I am not an administrator. I've done a little
>research, and it seems that this is possible using mod_rewrite. I've
>copied the code that I've come up with below, but doesn't seem to be
>working. Can anyone confirm if this should/could work?
>
>Thanks much
>Beau
>
><IfModule mod_rewrite.c>
>RewriteCond %{SERVER_PORT}           !^443$
>RewriteRule ^/(.*)
>https://%{SERVER_NAME}/$1 [L,R]
></IfModule>
>
>#This code within Virtual Host
>RewriteEngine on
>RewriteOptions inherit

It is not too clear what you are trying to do. HTTP requests, by
default, are sent to port 80. So your RewriteCond would not be satisfied
in any case. 

I am assuming you want to trap plain HTTP requests for your site and
redirect them to your HTTPS service. To do so, you need two virtual
hosts, one on HTTP and one on HTTPS. The HTTP VH just redirects all
requests to HTTPS. So:

Listen 80
<VirtualHost *:80>
  Redirect / https://server-name/
</VirtualHost>

Listen 443
<VirtualHost *:443>
  ServerName server-name
  SSLCert..stuff..
  DocumentRoot /path/to/ssl/docs
  etc...
</VirtualHost>

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
présent e-mail est un message privé et personnel, sans rapport avec
l'activité boursière de la SWX Swiss Exchange

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message