[users@httpd] http to https

[Tim DeBoer <td...@gmail.com>]

Hi everyone,
I've been playing around with SSL and want to set up apache to automagically
handle traffic as https, rather than http on the SSL enabled sites.

For example if I type in secure.foo.com, I want apache to read/load it as
https://secure.foo.com in my browser. Right now it just loads as
http://secure.foo.com.
If I use https://secure.foo.com it works properly of course.

I have mod_rewrite installed, and it works to redirect http traffic, but I
can't get it to work in this case. This is the rewrite rule I'm using:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(secure\.)?.foo.com [NC]
RewriteRule . https://secure.foo.com/ [L]

I'm not sure, but I would imagine it's something in the rewrite rule that's
messed up, but I can't seem to figure it out. It might also be something in
my SSL config for all I know.

Any suggestions?

Thanks everyone  :)

-- 
Tim DeBoer

Re: [users@httpd] http to https

[Brian Mearns <me...@gmail.com>]

On Sat, Mar 21, 2009 at 4:52 AM, Davide Bianchi
<da...@walterisookeensufferukker.nl> wrote:
> Tim DeBoer wrote:
>> For example if I type in secure.foo.com <http://secure.foo.com>, I want
>> apache to read/load it as https://secure.foo.com in my browser.
>
> What you need is to setup an http site 'secure.foo.com' that
> automatically redirect to the https site.
> Somethig like
>
> <VirtualHost *:80>
>        Servername secure.foo.com
>        RedirectPermanent / https://secure.foo.com/
> </VirtualHost>
>
> Davide
>
> --
> I have replaced NT with Linux.
> Linux -- heir of the byte that dogged me.
>   -- Allan Willis
>

You can do it with a rewrite rule, too, your is just wrong. First, the
pattern in your rule is . which will match any one character, so it
will only match requests with a single character in the path. To match
anything, you want "^(.*)$", then you want to put "$1" at the end of
your rewrite substitution, so that the path they requested gets
appended to the rewritten request.

Second, you want to do a full redirect, not just a rewrite. Rewriting
is internal only and won't cause the client to connect securely. To
turn the rewrite rule into a redirect, add the [R] flag. If this is a
permanent set up, you should make it [R=301].

Finally, the way you have it set up, this will probably cause an
infinite redirect because you haven't filtered out requests that are
already https. Check the RewriteCond documentation, there's some way
to check this. You only want to apply your rewrite if it isn't already
https.

Anyway, Davide's suggestion is probably simpler.

-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] http to https

[Davide Bianchi <da...@walterisookeensufferukker.nl>]

Tim DeBoer wrote:
> For example if I type in secure.foo.com <http://secure.foo.com>, I want
> apache to read/load it as https://secure.foo.com in my browser.

What you need is to setup an http site 'secure.foo.com' that
automatically redirect to the https site.
Somethig like

<VirtualHost *:80>
	Servername secure.foo.com
	RedirectPermanent / https://secure.foo.com/
</VirtualHost>

Davide

-- 
I have replaced NT with Linux.
Linux -- heir of the byte that dogged me.
   -- Allan Willis

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org