Posted to users@httpd.apache.org by Andrew Davis <an...@socallinuxsolutions.com> on 2003/11/10 19:14:42 UTC

[users@httpd] mod_rewrite issue...

I have a test server set up with Apache 1.3.27, Tomcat 4.1.27, and
mod_jk2. It's all running on RH Linux ES 2.1.

Apache is set up on ports 80 & 443. The port 80 config has only the
basics defined, then has a mod_rewrite rule to send *ALL* traffic to the
same URL but via https. It also has mod_jk2 set up to forward all .jsp &
.do requests to Tomcat. Tomcat is listening on ports 8080 and 8009.

All seems to work fine, but there's a hole. If I go to http://qa-wap1, I 
am properly redirected to https://qa-wap1. As I log in, follow links,
etc., I stay on the secure URL. However, if I get into a secure URL... say
https://qa-wap1/submitProfile.jsp and change the URL in my browser to 
http://qa-wap1:80/submitProfile.jsp and refresh the browser, the entire 
page (content and images, both) reloads and looks perfect. The obvious 
problem is that I just circumvented the secure URL concept. There's a 
hole somewhere that I haven't been able to plug. This occurs with 
multiple browsers.

Interestingly, I have an almost identical setup using Apache 1.3.26 and 
Resin via mod_caucho. The mod_rewrite rule is the same, but if I try to 
substitute the URL as mentioned above, it immediately puts me back on 
the secure URL as it should.

The relevant portions of the config files are below. I'm hoping someone 
can help me get beyond this.

Relevant portion of httpd.conf:

<VirtualHost qa-wap1:80>
ServerName qa-wap1
ServerAlias qa-wap1.my.domain.com
ServerAdmin linux@mydomain.com
ErrorLog /var/log/httpd/qa-wap1_error_log
TransferLog /var/log/httpd/qa-wap1_access_log
CustomLog /var/log/httpd/qa-wap1_referer_log referer
CustomLog /var/log/httpd/qa-wap1_agent_log agent
#
RewriteEngine on
RewriteLogLevel 0
RewriteRule ^(.*) https://qa-wap1$1 [R=301]
</VirtualHost>

<VirtualHost qa-wap1:443>
ServerName qa-wap1
ServerAlias qa-wap1.my.domain.com
ServerAdmin linux@mydomain.com
DocumentRoot /usr/tomcat/webapps/Genvault
ErrorLog /var/log/httpd/qa-wap1_ssl_error_log
TransferLog /var/log/httpd/qa-wap1_ssl_access_log
CustomLog /var/log/httpd/qa-wap1_ssl_referer_log referer
CustomLog /var/log/httpd/qa-wap1_ssl_agent_log agent
DirectoryIndex index.htm
# SSL Options
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/certs/qa-wap1.crt
SSLCertificateKeyFile /etc/httpd/certs/qa-wap1.key
# End SSL Options
</VirtualHost>

# Load mod_jk2
LoadModule jk2_module modules/mod_jk2.so
AddModule mod_jk2.c

Relevant portion of workers2.properties

#[logger.apache13]
#level=DEBUG

[shm]
file=/var/log/httpd/shm.file
size=1048576

[workerEnv:]
info=Global server options
timing=1
debug=0

[channel.socket:localhost:8009]
port=8009
host=127.0.0.1

# define the worker
[ajp13:localhost:8009]
channel=channel.socket.localhost:8009

# Uri mapping

[uri:/*.jsp]
worker=ajp13:localhost:8009

[uri:/*.do]
worker=ajp13:localhost:8009

[uri:/servlet/*]
worker=ajp13:localhost:8009

[uri:/services/*]
worker=ajp13:localhost:8009

I'm not including my server.xml as I don't think it's necessary, but I
can if it will help. Most interestingly, I decided to circumvent the 
problem by setting a different DocumentRoot for the port 80 vhost, and 
having only a single index.html in the folder and have it do an 
immediate refresh to the secure URL (https://qa-wap1), plus I removed 
the rewrite rules. I would think that in doing this, if I change the URL 
to http://qa-wap1:80/submitProfile.jsp that I should get a 404 error. 
Unfortunately, I got the same results as above... the page loaded 
perfectly on the non-secure URL, except for the images.

And since I know someone will ask, when I change the URL 
(https://qa-wap1/submitProfile.jsp) to 
http://qa-wap1:80/submitProfile.jsp and refresh the browser, yes, the 
lock icon goes away. So it's not a client caching issue.
-- 
Andrew Davis, Founder
SoCalLinuxSolutions
andrew@socallinuxsolutions.com
760-525-4689

SoCalLinuxSolutions.com
Linux Consultation & Integration Services


