You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Clay Porter <cl...@gmail.com> on 2011/12/27 21:55:12 UTC
[users@httpd] Forcing certain pages from HTTP to HTTPS and vice versa
I am trying to set up rewrite rules so that when users access certain
pages via HTTP they are redirected to HTTPS. Conversely, if they
access pages that do not require security I want the user to be
redirected from HTTPS to HTTP.
I have looked at numerous examples and read the rewrite rule
documentation to no avail. No matter what I've tried once a user is
on HTTPS they are never redirected back to HTTP.
FWIW, the HTTP to HTTPS portion appears to work and I can see the
activity in the rewrite log.
I'm running the binary distribution of Apache httpd Server version:
Apache/2.2.21 (Win32) with mod_ssl. I've included the relevant
section of my httpd.conf below. The httpd.conf file is the stock one
from the distribution with the necessary modules enabled so I didn't
include the whole thing here.
RewriteEngine On
RewriteLog logs/rewrite.log
RewriteLogLevel 3
#RewriteCond %{HTTPS} off
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/secure/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
#RewriteCond %{HTTPS} on
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !secure(.*)$
RewriteRule !^/secure/(.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R]
I apologize for the n00b question but I've spent a lot of time trying
to figure this out for myself. I'm hoping someone will be able to
help me with this.
Regards,
Clay
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Forcing certain pages from HTTP to HTTPS and vice versa
Posted by Igor Cicimov <ic...@gmail.com>.
Also the rules for HTTPS-->HTTP should be in your HTTPS VirtualHost
section. How does your ssl configuration look like?
On Wed, Dec 28, 2011 at 10:18 AM, Igor Cicimov <ic...@gmail.com> wrote:
> Try removing this line
>
> RewriteCond %{REQUEST_URI} !secure(.*)$
>
> Igor
>
> On Wed, Dec 28, 2011 at 7:55 AM, Clay Porter <cl...@gmail.com>wrote:
>
>> I am trying to set up rewrite rules so that when users access certain
>> pages via HTTP they are redirected to HTTPS. Conversely, if they
>> access pages that do not require security I want the user to be
>> redirected from HTTPS to HTTP.
>>
>> I have looked at numerous examples and read the rewrite rule
>> documentation to no avail. No matter what I've tried once a user is
>> on HTTPS they are never redirected back to HTTP.
>>
>> FWIW, the HTTP to HTTPS portion appears to work and I can see the
>> activity in the rewrite log.
>>
>> I'm running the binary distribution of Apache httpd Server version:
>> Apache/2.2.21 (Win32) with mod_ssl. I've included the relevant
>> section of my httpd.conf below. The httpd.conf file is the stock one
>> from the distribution with the necessary modules enabled so I didn't
>> include the whole thing here.
>>
>> RewriteEngine On
>> RewriteLog logs/rewrite.log
>> RewriteLogLevel 3
>> #RewriteCond %{HTTPS} off
>> RewriteCond %{SERVER_PORT} !^443$
>> RewriteRule ^/secure/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
>> #RewriteCond %{HTTPS} on
>> RewriteCond %{SERVER_PORT} ^443$
>> RewriteCond %{REQUEST_URI} !secure(.*)$
>> RewriteRule !^/secure/(.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R]
>>
>> I apologize for the n00b question but I've spent a lot of time trying
>> to figure this out for myself. I'm hoping someone will be able to
>> help me with this.
>>
>> Regards,
>>
>> Clay
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
Re: [users@httpd] Forcing certain pages from HTTP to HTTPS and vice versa
Posted by Igor Cicimov <ic...@gmail.com>.
Try removing this line
RewriteCond %{REQUEST_URI} !secure(.*)$
Igor
On Wed, Dec 28, 2011 at 7:55 AM, Clay Porter <cl...@gmail.com> wrote:
> I am trying to set up rewrite rules so that when users access certain
> pages via HTTP they are redirected to HTTPS. Conversely, if they
> access pages that do not require security I want the user to be
> redirected from HTTPS to HTTP.
>
> I have looked at numerous examples and read the rewrite rule
> documentation to no avail. No matter what I've tried once a user is
> on HTTPS they are never redirected back to HTTP.
>
> FWIW, the HTTP to HTTPS portion appears to work and I can see the
> activity in the rewrite log.
>
> I'm running the binary distribution of Apache httpd Server version:
> Apache/2.2.21 (Win32) with mod_ssl. I've included the relevant
> section of my httpd.conf below. The httpd.conf file is the stock one
> from the distribution with the necessary modules enabled so I didn't
> include the whole thing here.
>
> RewriteEngine On
> RewriteLog logs/rewrite.log
> RewriteLogLevel 3
> #RewriteCond %{HTTPS} off
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^/secure/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
> #RewriteCond %{HTTPS} on
> RewriteCond %{SERVER_PORT} ^443$
> RewriteCond %{REQUEST_URI} !secure(.*)$
> RewriteRule !^/secure/(.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R]
>
> I apologize for the n00b question but I've spent a lot of time trying
> to figure this out for myself. I'm hoping someone will be able to
> help me with this.
>
> Regards,
>
> Clay
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>