httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Beau Hebert" <bheb...@c-quential.com>
Subject RE: [users@httpd] mod_rewrite help
Date Wed, 21 May 2003 16:06:11 GMT
The rule does work in that it rewrites all HTTP requests to https://www.
The problem is that it won't tack on www. to a https:// request. For
example if you go to http://mydomain.com, it works beautifully rewriting
to https://www.mydomain.com. However, it you go to https://mydomain.com
it doesn't tack on the www., and consequently, the security alert pops
up. So, I guess what I need in addition to the rule that is written is
for all individual https://mydomain.com requests written to
https://wwwmydomain.com. The current rule doesn't seem to affect this.

RewriteEngine On
RewriteRule ^(.*)$ https://www.mydomain.com$1 [R]

All of this code is written in the Port 80 Virtual Host
Any other suggestions?

Thanks again

Beau


-----Original Message-----
From: Paul Simon [mailto:wreckmybike@yahoo.com] 
Sent: Wednesday, May 21, 2003 11:40 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] mod_rewrite help

I think what you are doing already solves the problem,
redirect (internally) everything to https://www... 

I'd imagine putting an [R] on the rewrite rule might
force an external redirect to the www address,
stopping the alert. 

-Paul

--- Beau Hebert <bhebert@c-quential.com> wrote:
> First, a big thanks to all out in Apacheland for
> helping me rewrite
> incoming http requests to https. It works like a
> charm. But, as usual,
> one success has led to another obstacle. 
> 
> As mentioned, all incoming HTTP requests are
> rewritten to HTTPS using
> mod_rewrite with the following code (thanks again
> Jurgen):
> 
> RewriteEngine On
> RewriteRule ^(.*)$ https://www.mydomain.com$1
> 
> As a consequence to having all requests being HTTPS
> I also need to have
> all incoming requests contain www (i.e.
> https://www.mydomain.com/login.php  rather than
> simply
> https://mydomain.com/login.php), otherwise the user
> receives an alert
> that the name on the Certificate doesn't match the
> website. This is
> because the Secure Certificate is registered to the
> fully qualified
> domain. So, my question: is there a way (either
> augmenting the code
> above or including new code) so that if someone were
> to type
> http://mydomnain.com/anypage.jsp, it would be
> rewritten to
> https://www.mydomain.com/anypage.jsp. 
> 
> Thanks.
> Beau 
> 
> 
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
>    "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
> 


=====
=====
'Ideals are like stars. We may never reach them, but we use them to
chart our course.' -- Unknown
=====
"Do not go where the path may lead, go instead where there is no path
and leave a trail" -- Ralph Waldo Emerson.
=====

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message