Posted to users@httpd.apache.org by Nathaniel Hall <li...@spider-security.net> on 2007/05/23 20:54:37 UTC

[users@httpd] Redirect HTTPS page to HTTPS page

I have created a login page for a network of mine and am needing some 
Rewrite help.  Let me describe what is going on.

When you first connect to the network and visit an HTTP page, my rewrite 
rules redirect the user to https://dns-name-of-server/index.php.
When you first connect to the network and visit an HTTPS page, my 
rewrite rules redirect the user to the appropriate page, but do not 
change the URL.  Thus, the user receives an SSL certificate error 
because the name on the certificate does not match the name in the URL.

I have seen other users who have wanted to do this, but I have never 
found an answer.  Does anybody have any ideas as to how to get this to 
work without the certificate error?  Below is the code for my rewrite rules.

RewriteEngine On
RewriteCond %{HTTP_HOST}        !^auth\.server\.com$
RewriteRule (.*) https://auth.server.com/index.php [R=301,L]

I have also tried:

RewriteEngine On
RewriteCond %{SERVER_PORT}      ^443$
RewriteCond %{HTTP_HOST}        !^auth\.server\.com$
RewriteRule (.*) https://auth.server.com/index.php [R=301,L]

-- 
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Spider Security


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Redirect HTTPS page to HTTPS page

Posted by Nathaniel Hall <li...@spider-security.net>.
Joshua Slive wrote:
> On 5/23/07, Nathaniel Hall <li...@spider-security.net> wrote:
>
>> RewriteEngine On
>> RewriteCond %{HTTP_HOST}        !^auth\.server\.com$
>> RewriteRule (.*) https://auth.server.com/index.php [R=301,L]
>
> You're always going to get the cert error here, because ssl
> negotiation (including certificate verification) happens before any
> HTTP request headers are sent to apache. Further, apache can't know
> what hostname is being requested until it reads the Host from the HTTP
> request headers. So by the time it knows to redirect, the ssl
> negotiation and certificate error are long gone. (This is the same
> reason you can't do name-based virtual hosting with ssl.)
>
> So you either need to fix your links to point to auth.server.com or
> acquire a cert for the other hostnames.
>
> Joshua.
>
That is what I was afraid of.  Unfortunately, I cannot get a certificate 
for the other hostnames because I want to be able to redirect for any 
HTTPS site until the user logs in.  Thanks for the help.

-- 
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Spider Security




Re: [users@httpd] Redirect HTTPS page to HTTPS page

Posted by Joshua Slive <jo...@slive.ca>.
On 5/23/07, Nathaniel Hall <li...@spider-security.net> wrote:

> RewriteEngine On
> RewriteCond %{HTTP_HOST}        !^auth\.server\.com$
> RewriteRule (.*) https://auth.server.com/index.php [R=301,L]

You're always going to get the cert error here, because ssl
negotiation (including certificate verification) happens before any
HTTP request headers are sent to apache. Further, apache can't know
what hostname is being requested until it reads the Host from the HTTP
request headers. So by the time it knows to redirect, the ssl
negotiation and certificate error are long gone. (This is the same
reason you can't do name-based virtual hosting with ssl.)

So you either need to fix your links to point to auth.server.com or
acquire a cert for the other hostnames.

Joshua.
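
The ordering described in the reply above, as an added example that is not part of the original thread or of Apache's own code: a small Python model of what the browser sees when the TLS name check runs before the Host header is sent. The hostname www.example.org and the function names are assumptions made for illustration; the wildcard matching goes slightly beyond the thread to show what "a cert for the other hostnames" would have to cover.

```python
# Added illustration: models the order of events for an intercepted HTTPS
# request. Hostnames other than auth.server.com are constructed samples.

def cert_matches(hostname, cert_names):
    """Exact match, or a leftmost '*' label covering exactly one label."""
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        pattern = name.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*."):
            head, _, rest = host.partition(".")
            if head and rest == pattern[2:]:
                return True
    return False


def fetch(requested_host, cert_names, portal="auth.server.com"):
    """Return the ordered events the browser sees (no SNI, as in the thread)."""
    events = ["tcp: connect to port 443"]
    # The certificate is chosen and checked during the handshake, before the
    # server has read a single HTTP header.
    events.append("tls: server presents cert for " + ", ".join(cert_names))
    if not cert_matches(requested_host, cert_names):
        # The browser warns here; the request below has not been sent yet.
        events.append("tls: name mismatch for " + requested_host)
        return events
    events.append("http: request sent with Host: " + requested_host)
    # Equivalent of: RewriteCond %{HTTP_HOST} !^auth\.server\.com$
    if requested_host.lower() != portal:
        events.append("http: 301 to https://" + portal + "/index.php")
    else:
        events.append("http: 200 login page")
    return events


if __name__ == "__main__":
    for host, names in [
        ("www.example.org", ["auth.server.com"]),                     # the poster's case
        ("auth.server.com", ["auth.server.com"]),                     # links fixed
        ("www.example.org", ["auth.server.com", "www.example.org"]),  # cert covers host
    ]:
        print(host, "->", fetch(host, names))
```

In the first case the event list ends at the name mismatch and never contains the 301, which is why no rewrite rule can remove the warning.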
