You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Rob Benton <ro...@conwaycorp.net> on 2005/11/30 23:35:59 UTC
[users@httpd] redirecting everything to ssl
I've got a site on my intranet running with mod_ssl. This site used to
run over plain http://. I'd like to redirect everyone trying to access
the old address to the new address via https://.
I tried just:
Redirect permanent http://site https://site
but I get a 400 Bad Request error. I also looked at mod_rewrite but
wasn't sure if it would work for this. What is the
simplest/best/easiest way to do this?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] redirecting everything to ssl
Posted by Joshua Slive <js...@gmail.com>.
On 11/30/05, Rob Benton <ro...@conwaycorp.net> wrote:
> I've got a site on my intranet running with mod_ssl. This site used to
> run over plain http://. I'd like to redirect everyone trying to access
> the old address to the new address via https://.
>
> I tried just:
> Redirect permanent http://site https://site
>
> but I get a 400 Bad Request error. I also looked at mod_rewrite but
> wasn't sure if it would work for this. What is the
> simplest/best/easiest way to do this?
You can do it with mod_rewrite, or you can do it with something like
<VirtualHost _default_:80>
Redirect permanent / https://site/
</VirtualHost>
(Assuming you also have a vhost setup for your ssl site.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] redirecting everything to ssl
Posted by Joshua Slive <js...@gmail.com>.
On 12/1/05, Charlie Smith <Sm...@ldschurch.org> wrote:
> Isn't ip based hosts required for this as well?
No, port-based vhosts are used. The configuration is essentially the same.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] redirecting everything to ssl
Posted by Charlie Smith <Sm...@ldschurch.org>.
Isn't ip based hosts required for this as well?
>>> Joshua 12/01/05 11:56 AM >>>
On 12/1/05, Rob Benton <ro...@conwaycorp.net> wrote:
>
> RewriteCond %{HTTP_HOST} !^my\.site [NC]
> RewriteCond %{HTTP_HOST} !^$
> RewriteCond %{SERVER_PORT} ^(80|443)$
> RewriteRule ^/(.*) https://my.site/$1 [L,R]
>
> That will direct all https:// traffic to the right hostname but trying
> to use http:// still results in the bad request error:
>
> "Your browser sent a request that this server could not understand.
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> Instead use the HTTPS scheme to access this URL, please."
>
> I must have missed something else in the config file. I have 2 Listen
> directives, 1 for 80, and 1 for 443.
You probably have SSL turned on for the entire server, rather than
just for the requests coming in on port 443. As I mentioned in an
earlier reply, you should have two vhosts: one for ssl on 443 and one
for non-ssl on 80. The second one just redirects to the first and the
SSLEngine directive is only in the first one.
Joshual.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
------------------------------------------------------------------------------
This message may contain confidential information, and is
intended only for the use of the individual(s) to whom it
is addressed.
------------------------------------------------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] redirecting everything to ssl
Posted by Joshua Slive <js...@gmail.com>.
On 12/1/05, Rob Benton <ro...@conwaycorp.net> wrote:
>
> RewriteCond %{HTTP_HOST} !^my\.site [NC]
> RewriteCond %{HTTP_HOST} !^$
> RewriteCond %{SERVER_PORT} ^(80|443)$
> RewriteRule ^/(.*) https://my.site/$1 [L,R]
>
> That will direct all https:// traffic to the right hostname but trying
> to use http:// still results in the bad request error:
>
> "Your browser sent a request that this server could not understand.
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> Instead use the HTTPS scheme to access this URL, please."
>
> I must have missed something else in the config file. I have 2 Listen
> directives, 1 for 80, and 1 for 443.
You probably have SSL turned on for the entire server, rather than
just for the requests coming in on port 443. As I mentioned in an
earlier reply, you should have two vhosts: one for ssl on 443 and one
for non-ssl on 80. The second one just redirects to the first and the
SSLEngine directive is only in the first one.
Joshual.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] redirecting everything to ssl
Posted by Rob Benton <ro...@conwaycorp.net>.
Olaf van der Spek wrote:
> On 11/30/05, Rob Benton <ro...@conwaycorp.net> wrote:
>
>>I've got a site on my intranet running with mod_ssl. This site used to
>>run over plain http://. I'd like to redirect everyone trying to access
>>the old address to the new address via https://.
>>
>>I tried just:
>>Redirect permanent http://site https://site
>>
>>but I get a 400 Bad Request error. I also looked at mod_rewrite but
>>wasn't sure if it would work for this. What is the
>>simplest/best/easiest way to do this?
>
>
> I use:
> RewriteEngine on
> RewriteCond %{HTTP_HOST} !^xwis.net [NC]
> RewriteRule ^/(.*) http://xwis.net/$1 [l,r=permanent]
>
> You would not use the Cond and use https in the Rule.
Just trying that gives me the infinite redirect loop. So I tried
this(lifted from URL Rewriting Guide):
RewriteCond %{HTTP_HOST} !^my\.site [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{SERVER_PORT} ^(80|443)$
RewriteRule ^/(.*) https://my.site/$1 [L,R]
That will direct all https:// traffic to the right hostname but trying
to use http:// still results in the bad request error:
"Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please."
I must have missed something else in the config file. I have 2 Listen
directives, 1 for 80, and 1 for 443.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] redirecting everything to ssl
Posted by Olaf van der Spek <ol...@gmail.com>.
On 11/30/05, Rob Benton <ro...@conwaycorp.net> wrote:
> I've got a site on my intranet running with mod_ssl. This site used to
> run over plain http://. I'd like to redirect everyone trying to access
> the old address to the new address via https://.
>
> I tried just:
> Redirect permanent http://site https://site
>
> but I get a 400 Bad Request error. I also looked at mod_rewrite but
> wasn't sure if it would work for this. What is the
> simplest/best/easiest way to do this?
I use:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^xwis.net [NC]
RewriteRule ^/(.*) http://xwis.net/$1 [l,r=permanent]
You would not use the Cond and use https in the Rule.