You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by James Moe <ji...@sohnen-moe.com> on 2011/07/25 20:45:42 UTC

[users@httpd] RewriteRule acts differently for different browsers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
  apache v2.0

  The reason for this redirection is that when I purchased the SSL
certificate, I did not know to get one for than the domain's URL,
<sohnen-moe.com>. A secure connection to <www.sohnen-moe.com> brings up
the warning about a possibly "untrusted site."

RewriteEngine on
RewriteCond %{HTTP_HOST} =www.sohnen-moe.com
RewriteRule ^/(.*)$ https://sohnen-moe.com/$1 [L,R]

 For the browsers Firefox v5 linux, Chrome v12.0 linux, Opera v11.5
linux, Semaonkey v2.1 os/2, Safari v5.0 windows, Internet Explorer v8, I
get different redirections for the URL <http://www.sohnen-moe.com/>.
  Firefox: http://sohnen-moe.com/////////////////////  <--Not a typo!
   Chrome: https://sohnen-moe.com/
    Opera: http://www.sohnen-moe.com/
Seamonkey: http://www.sohnen-moe.com/
   Safari: http://www.sohnen-moe.com/
IExplorer: http://www.sohnen-moe.com/

  Only Chrome redirected like I thought the rule indicates.
  Is this to be expected? It seems rather arbitrary.

- -- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4tudYACgkQzTcr8Prq0ZMbuACfSIF2sCA+FxLN/ZdSKM9iDm1j
YPIAnijNZgZjllIEWlMQXYFiNLePZv/l
=mnPn
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] RewriteRule acts differently for different browsers

Posted by Jeroen Geilman <je...@adaptr.nl>.

On 2011-07-25 22:49, James Moe wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/25/2011 12:14 PM, Jeroen Geilman wrote:
>> You should not use rewriting for this, it is entirely unnecessary
>> and only adds complexity. Instead, you add a new vhost for
>> www.sohnen-moe.com, and do a blank redirect to HTTPS.
>>
>    The ISP for our site has a<www.sohnen-moe.com>  URL "built-in." That
> is, I cannot create one since it already exists outside of my control.
>> I suspect that the above is using the highly dubious VirtualHost *
>> construct, which should die and burn in hell. If so, you are not
>> taking into account the possibility that the request is coming in
>> over HTTPS. Add another rewritecond that checks for it.
>>
>    Okay. I changed the rule to
> RewriteEngine on
> RewriteCond %{HTTP_HOST} =www.sohnen-moe.com
> RewriteCond %{SERVER_PORT} =80
> RewriteRule ^(.*)$ https://sohnen-moe.com/$1 [R,L]
>
>    Now no redirection occurs at all for any browser.
>
> Later:
>    Now it is working as expected for all browsers I have tested. I do not
> know what changed in the intervening half hour.

Browser caches expired.

--
J.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] RewriteRule acts differently for different browsers

Posted by James Moe <ji...@sohnen-moe.com>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/25/2011 12:14 PM, Jeroen Geilman wrote:
>> 
> You should not use rewriting for this, it is entirely unnecessary
> and only adds complexity. Instead, you add a new vhost for
> www.sohnen-moe.com, and do a blank redirect to HTTPS.
> 
  The ISP for our site has a <www.sohnen-moe.com> URL "built-in." That
is, I cannot create one since it already exists outside of my control.
> 
> I suspect that the above is using the highly dubious VirtualHost * 
> construct, which should die and burn in hell. If so, you are not
> taking into account the possibility that the request is coming in
> over HTTPS. Add another rewritecond that checks for it.
> 
  Okay. I changed the rule to
RewriteEngine on
RewriteCond %{HTTP_HOST} =www.sohnen-moe.com
RewriteCond %{SERVER_PORT} =80
RewriteRule ^(.*)$ https://sohnen-moe.com/$1 [R,L]

  Now no redirection occurs at all for any browser.

Later:
  Now it is working as expected for all browsers I have tested. I do not
know what changed in the intervening half hour.

- -- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4t1ugACgkQzTcr8Prq0ZNEKACgs+ROCG0NRtU2BgTKM+UZ0pIi
J1IAoJbUXZLpLmNUM+ojJW+JnmIu4A0i
=20ax
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] RewriteRule acts differently for different browsers

Posted by Jeroen Geilman <je...@adaptr.nl>.

On 2011-07-25 20:45, James Moe wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>    apache v2.0
>
>    The reason for this redirection is that when I purchased the SSL
> certificate, I did not know to get one for than the domain's URL,
> <sohnen-moe.com>. A secure connection to<www.sohnen-moe.com>  brings up
> the warning about a possibly "untrusted site."

You should not use rewriting for this, it is entirely unnecessary and 
only adds complexity.
Instead, you add a new vhost for www.sohnen-moe.com, and do a blank 
redirect to HTTPS.

> RewriteEngine on
> RewriteCond %{HTTP_HOST} =www.sohnen-moe.com
> RewriteRule ^/(.*)$ https://sohnen-moe.com/$1 [L,R]
>
>   For the browsers Firefox v5 linux, Chrome v12.0 linux, Opera v11.5
> linux, Semaonkey v2.1 os/2, Safari v5.0 windows, Internet Explorer v8, I
> get different redirections for the URL<http://www.sohnen-moe.com/>.
>    Firefox: http://sohnen-moe.com/////////////////////<--Not a typo!
>     Chrome: https://sohnen-moe.com/
>      Opera: http://www.sohnen-moe.com/
> Seamonkey: http://www.sohnen-moe.com/
>     Safari: http://www.sohnen-moe.com/
> IExplorer: http://www.sohnen-moe.com/
>
>    Only Chrome redirected like I thought the rule indicates.
>    Is this to be expected? It seems rather arbitrary.

I suspect that the above is using the highly dubious VirtualHost * 
construct, which should die and burn in hell.
If so, you are not taking into account the possibility that the request 
is coming in over HTTPS.
Add another rewritecond that checks for it.




-- 
J.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org