You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Rob Benton <ro...@conwaycorp.net> on 2005/11/30 23:35:59 UTC

[users@httpd] redirecting everything to ssl

I've got a site on my intranet running with mod_ssl.  This site used to 
run over plain http://.  I'd like to redirect everyone trying to access 
the old address to the new address via https://.

I tried just:
Redirect permanent http://site https://site

but I get a 400 Bad Request error.  I also looked at mod_rewrite but 
wasn't sure if it would work for this.  What is the 
simplest/best/easiest way to do this?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] redirecting everything to ssl

Posted by Joshua Slive <js...@gmail.com>.

On 11/30/05, Rob Benton <ro...@conwaycorp.net> wrote:
> I've got a site on my intranet running with mod_ssl.  This site used to
> run over plain http://.  I'd like to redirect everyone trying to access
> the old address to the new address via https://.
>
> I tried just:
> Redirect permanent http://site https://site
>
> but I get a 400 Bad Request error.  I also looked at mod_rewrite but
> wasn't sure if it would work for this.  What is the
> simplest/best/easiest way to do this?

You can do it with mod_rewrite, or you can do it with something like
<VirtualHost _default_:80>
Redirect permanent / https://site/
</VirtualHost>

(Assuming you also have a vhost setup for your ssl site.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] redirecting everything to ssl

Posted by Joshua Slive <js...@gmail.com>.

On 12/1/05, Charlie Smith <Sm...@ldschurch.org> wrote:
> Isn't ip based hosts required for this as well?

No, port-based vhosts are used.  The configuration is essentially the same.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] redirecting everything to ssl

Posted by Charlie Smith <Sm...@ldschurch.org>.

Isn't ip based hosts required for this as well?


>>> Joshua 12/01/05 11:56 AM >>>
On 12/1/05, Rob Benton <ro...@conwaycorp.net> wrote:
>
> RewriteCond %{HTTP_HOST}   !^my\.site [NC]
> RewriteCond %{HTTP_HOST}   !^$
> RewriteCond %{SERVER_PORT} ^(80|443)$
> RewriteRule ^/(.*)         https://my.site/$1 [L,R]
>
> That will direct all https:// traffic to the right hostname but trying
> to use http:// still results in the bad request error:
>
> "Your browser sent a request that this server could not understand.
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> Instead use the HTTPS scheme to access this URL, please."
>
> I must have missed something else in the config file.  I have 2 Listen
> directives, 1 for 80, and 1 for 443.

You probably have SSL turned on for the entire server, rather than
just for the requests coming in on port 443.  As I mentioned in an
earlier reply, you should have two vhosts: one for ssl on 443 and one
for non-ssl on 80.  The second one just redirects to the first and the
SSLEngine directive is only in the first one.

Joshual.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
   "   from the digest: users-digest-unsubscribe@httpd.apache.org 
For additional commands, e-mail: users-help@httpd.apache.org 



------------------------------------------------------------------------------
This message may contain confidential information, and is
intended only for the use of the individual(s) to whom it
is addressed.
------------------------------------------------------------------------------


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] redirecting everything to ssl

Posted by Joshua Slive <js...@gmail.com>.

On 12/1/05, Rob Benton <ro...@conwaycorp.net> wrote:
>
> RewriteCond %{HTTP_HOST}   !^my\.site [NC]
> RewriteCond %{HTTP_HOST}   !^$
> RewriteCond %{SERVER_PORT} ^(80|443)$
> RewriteRule ^/(.*)         https://my.site/$1 [L,R]
>
> That will direct all https:// traffic to the right hostname but trying
> to use http:// still results in the bad request error:
>
> "Your browser sent a request that this server could not understand.
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> Instead use the HTTPS scheme to access this URL, please."
>
> I must have missed something else in the config file.  I have 2 Listen
> directives, 1 for 80, and 1 for 443.

You probably have SSL turned on for the entire server, rather than
just for the requests coming in on port 443.  As I mentioned in an
earlier reply, you should have two vhosts: one for ssl on 443 and one
for non-ssl on 80.  The second one just redirects to the first and the
SSLEngine directive is only in the first one.

Joshual.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] redirecting everything to ssl

Posted by Rob Benton <ro...@conwaycorp.net>.

Olaf van der Spek wrote:
> On 11/30/05, Rob Benton <ro...@conwaycorp.net> wrote:
> 
>>I've got a site on my intranet running with mod_ssl.  This site used to
>>run over plain http://.  I'd like to redirect everyone trying to access
>>the old address to the new address via https://.
>>
>>I tried just:
>>Redirect permanent http://site https://site
>>
>>but I get a 400 Bad Request error.  I also looked at mod_rewrite but
>>wasn't sure if it would work for this.  What is the
>>simplest/best/easiest way to do this?
> 
> 
> I use:
>         RewriteEngine on
>         RewriteCond %{HTTP_HOST} !^xwis.net [NC]
>         RewriteRule ^/(.*)       http://xwis.net/$1 [l,r=permanent]
> 
> You would not use the Cond and use https in the Rule.

Just trying that gives me the infinite redirect loop.  So I tried 
this(lifted from URL Rewriting Guide):

RewriteCond %{HTTP_HOST}   !^my\.site [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteCond %{SERVER_PORT} ^(80|443)$
RewriteRule ^/(.*)         https://my.site/$1 [L,R]

That will direct all https:// traffic to the right hostname but trying 
to use http:// still results in the bad request error:

"Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please."

I must have missed something else in the config file.  I have 2 Listen 
directives, 1 for 80, and 1 for 443.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] redirecting everything to ssl

Posted by Olaf van der Spek <ol...@gmail.com>.

On 11/30/05, Rob Benton <ro...@conwaycorp.net> wrote:
> I've got a site on my intranet running with mod_ssl.  This site used to
> run over plain http://.  I'd like to redirect everyone trying to access
> the old address to the new address via https://.
>
> I tried just:
> Redirect permanent http://site https://site
>
> but I get a 400 Bad Request error.  I also looked at mod_rewrite but
> wasn't sure if it would work for this.  What is the
> simplest/best/easiest way to do this?

I use:
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^xwis.net [NC]
        RewriteRule ^/(.*)       http://xwis.net/$1 [l,r=permanent]

You would not use the Cond and use https in the Rule.