You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wiki-changes@httpd.apache.org by Apache Wiki <wi...@apache.org> on 2007/01/05 09:33:44 UTC
[Httpd Wiki] Update of "Recipes/RedirectSSL" by AskApache

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The following page has been changed by AskApache:
http://wiki.apache.org/httpd/Recipes/RedirectSSL

------------------------------------------------------------------------------
     SSLEngine On
  # etc...
  </VirtualHost>
- }}}
  
- 
- 
- = Improved Redirect To SSL =
- ''source: [http://www.askapache.com/2006/htaccess/apache-ssl-in-htaccess-examples.html askApache.com]''
- {{{
- #If server does not have mod_ssl or mod_rewrite, deny
- [IfModule !mod_rewrite.c]
- [IfModule !mod_ssl.c]
- deny from all
- [/IfModule]
- [/IfModule]
- }}}
- 
- 
- == Most Secure SSL Redirect Method '''(doesn't require mod_rewrite!)''' ==
- This will check to make sure that the connection is using SSL, or it will fail. This works regardless of if you are serving SSL on port 443, 80, 81, etc. This is the most secure setting for SSL logins.
- 
- This also fixes having to type in the username and password twice by requiring the HTTP_HOST to match the HTTP_HOST that your SSL certificate is set-up for, in the case above, the SSL is for askapache.com not www.askapache.com
- 
- So if either of those 2 checks fail '''(!SSL or !correct domain)''' than the (403) ErrorDocument directive issues a 302 Found, Location: https://askapache.com which forces the client to connect to the correct location. 
- {{{
- [IfModule mod_ssl.c]
- SSLOptions +StrictRequire
- SSLRequireSSL
- SSLRequire %{HTTP_HOST} eq "askapache.com"
- ErrorDocument 403 https://askapache.com
- [/IfModule]
- }}}
- 
- 
- == Rewrite non-SSL requests to SSL '''(doesn't require mod_ssl!)''' ==
- {{{
- [IfModule !mod_rewrite.c]
- RewriteCond %{HTTPS} !=on
- RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [QSA,R=301,L]
- [/IfModule]
- }}}
- ''NOTE'': The ''HTTPS'' variable is always present, even if mod_ssl isn’t loaded!
- 
- 
- == Redirect everything served on port 80 to SSL ==
- {{{
- RewriteCond %{SERVER_PORT} ^80$
- RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,R=301,L]
- }}}
- 
- 
- == Changing to SSL or non-SSL using relative URLs ==
- {{{
- RewriteRule ^/(.*):SSL$   https://%{SERVER_NAME}/$1 [QSA,R,L]
- RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [QSA,R,L]
- }}}
- This lets you use URIs like:
- {{{
- /document.html:SSL    --> https://askapache.com/document.html
- /document.html:NOSSL  --> http://askapache.com/document.html
- }}}
-