Posted to users@httpd.apache.org by John Oliver <jo...@john-oliver.net> on 2010/02/19 00:01:06 UTC

[users@httpd] RewriteCond question

I'm dealing with a site that is accessed via https://domain.gov. The
certificate is for "domain.gov". I already have a working rule to catch
http://domain.gov/ and rewrite to https://domain.gov/. I also got
http://www.domain.gov/ caught and rewritten with:

RewriteCond %{http_host} ^www\.domain\.gov [NC] 
RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]

However, attempts to access https://www.domain.gov/ are still an issue.
I tried:

RewriteCond %{https} ^www\.domain\.gov [NC]
RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]

But that didn't work (I didn't really expect it to, but it was worth a
try!)

What magic sauce do I need to catch and rewrite that attempt?

-- 
***********************************************************************
* John Oliver                             http://www.john-oliver.net/ *
*                                                                     *
***********************************************************************

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] RewriteCond question

Posted by Tom Evans <te...@googlemail.com>.
On Fri, Feb 19, 2010 at 12:29 AM, James Smallacombe <up...@3.am> wrote:
> On Thu, 18 Feb 2010, John Oliver wrote:
>
>> On Thu, Feb 18, 2010 at 06:14:33PM -0500, James Smallacombe wrote:
>>>
>>> On Thu, 18 Feb 2010, John Oliver wrote:
>>>
>>>> I'm dealing with a site that is accessed via https://domain.gov. The
>>>> certificate is for "domain.gov". I already have a working rule to catch
>>>> http://domain.gov/ and rewrite to https://domain.gov/. I also got
>>>> http://www.domain.gov/ caught and rewritten with:
>>>>
>>>> RewriteCond %{http_host} ^www\.domain\.gov [NC]
>>>> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>>>>
>>>> However, attempts to access https://www.domain.gov/ are still an issue.
>>>> I tried:
>>>>
>>>> RewriteCond %{https} ^www\.domain\.gov [NC]
>>>> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>>>>
>>>> But that didn't work (I didn't really expect it to, but it was worth a
>>>> try!)
>>>>
>>>> What magic sauce do I need to catch and rewrite that attempt?
>>>
>>> I just dealt with a similar issue regarding two different certificates.
>>> Try this:
>>>
>>> Options +FollowSymlinks
>>> RewriteEngine on
>>> RewriteCond %{http_host} ^www\.domain\.gov$ [NC]
>>> RewriteRule ^(.*)$ https://domain.gov$ [R=301,NC]
>>
>> Nope... https://www.domain.gov/ still gives a certificate error.
>
> Interesting...in my case, it works perfectly redirecting between two
> different ssl certificate virtual hosts.  However, both of my certs are
> valid...is it possible that the certificate error kicks in before the
> redirect happens?
>
> James Smallacombe                     PlantageNet, Inc. CEO and Janitor
> up@3.am                                                     http://3.am

Yes, what you are trying to do is impossible. If a user accesses
www.domain.gov over SSL, then you will get a certificate error if you
do not have a valid SSL certificate - even if all you want to do is
redirect them to the correct site.

You will either need a new certificate for www.domain.gov, or convince
your registrar to give you a wildcard certificate for *.domain.gov, or
one with multiple subjectAltName properties (see #1).

Cheers

Tom

#1: http://www.crsr.net/Notes/Apache-HTTPS-virtual-host.html



Re: [users@httpd] RewriteCond question

Posted by John Oliver <jo...@john-oliver.net>.
On Fri, Feb 19, 2010 at 09:53:11PM +1100, Martin Barry wrote:
> $quoted_author = "James Smallacombe" ;
> > >
> > >Nope... https://www.domain.gov/ still gives a certificate error.
> > 
> > Interesting...in my case, it works perfectly redirecting between two
> > different ssl certificate virtual hosts.  However, both of my certs
> > are valid...is it possible that the certificate error kicks in
> > before the redirect happens?
> 
> That's exactly what is happening.
> 
> The virtualhost used to serve an SSL connection is based on IP because the
> Host header is not readable till *after* decryption.
> 
> John, you are going to have to live with the certificate error, try to get a
> certificate with www.domain.gov as a "subject alternative name" [1] or put
> your faith in SNI [2].

I was afraid of that.

Thanks for the help, all.

-- 
***********************************************************************
* John Oliver                             http://www.john-oliver.net/ *
*                                                                     *
***********************************************************************



Re: [users@httpd] RewriteCond question

Posted by Martin Barry <ma...@supine.com>.
$quoted_author = "James Smallacombe" ;
> >
> >Nope... https://www.domain.gov/ still gives a certificate error.
> 
> Interesting...in my case, it works perfectly redirecting between two
> different ssl certificate virtual hosts.  However, both of my certs
> are valid...is it possible that the certificate error kicks in
> before the redirect happens?

That's exactly what is happening.

The virtualhost used to serve an SSL connection is based on IP because the
Host header is not readable till *after* decryption.

John, you are going to have to live with the certificate error, try to get a
certificate with www.domain.gov as a "subject alternative name" [1] or put
your faith in SNI [2].

cheers
Marty

[1] http://library.linode.com/ssl-guides/subject-alt-name-ssl
[2] http://en.wikipedia.org/wiki/Server_Name_Indication
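
The failure explained in the replies above (Tom Evans on the certificate options, Martin Barry on the certificate being chosen before the Host header is readable), as an added Python model that is not part of any post in this thread. The vhost tables and certificate name lists are constructed, and the function names are hypothetical.

```python
from __future__ import annotations

# Constructed sample data: vhost name -> DNS names in that vhost's certificate.
CURRENT = {"domain.gov": ["domain.gov"]}                       # John's setup
SAN = {"domain.gov": ["domain.gov", "www.domain.gov"]}         # subjectAltName
WILDCARD = {"domain.gov": ["*.domain.gov"]}                    # wildcard only
TWO_CERTS = {"domain.gov": ["domain.gov"],
             "www.domain.gov": ["www.domain.gov"]}             # needs SNI


def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with the requested hostname."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # A wildcard stands for exactly one left-most label, so *.domain.gov
    # matches www.domain.gov but not domain.gov or a.b.domain.gov.
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]


def pick_cert(vhosts: dict, default: str, sni: str | None) -> list:
    """Server side: the certificate is chosen before any HTTP is readable.

    Without SNI only the IP:port is known, so the default vhost's
    certificate is sent; with SNI the requested name can select a vhost.
    """
    if sni is not None and sni.lower() in vhosts:
        return vhosts[sni.lower()]
    return vhosts[default]


def browse(vhosts: dict, host: str, sni: bool = True,
           default: str = "domain.gov") -> str:
    """What a client sees when it opens https://<host>/ (hypothetical model)."""
    cert = pick_cert(vhosts, default, host if sni else None)
    if not any(name_matches(n, host) for n in cert):
        # The name check fails inside the TLS handshake: the client stops
        # before sending the request, so no RewriteCond/RewriteRule sees it.
        return "certificate error"
    return "200" if host == "domain.gov" else "301 https://domain.gov/"


if __name__ == "__main__":
    for label, table in [("current", CURRENT), ("SAN", SAN),
                         ("wildcard", WILDCARD), ("two certs", TWO_CERTS)]:
        print(label, {h: browse(table, h) for h in ("domain.gov", "www.domain.gov")})
```

In this model a certificate naming only *.domain.gov fixes www.domain.gov but breaks the bare domain.gov, so a wildcard certificate for this site also has to list domain.gov itself.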



Re: [users@httpd] RewriteCond question

Posted by James Smallacombe <up...@3.am>.
On Thu, 18 Feb 2010, John Oliver wrote:

> On Thu, Feb 18, 2010 at 06:14:33PM -0500, James Smallacombe wrote:
>> On Thu, 18 Feb 2010, John Oliver wrote:
>>
>>> I'm dealing with a site that is accessed via https://domain.gov. The
>>> certificate is for "domain.gov". I already have a working rule to catch
>>> http://domain.gov/ and rewrite to https://domain.gov/. I also got
>>> http://www.domain.gov/ caught and rewritten with:
>>>
>>> RewriteCond %{http_host} ^www\.domain\.gov [NC]
>>> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>>>
>>> However, attempts to access https://www.domain.gov/ are still an issue.
>>> I tried:
>>>
>>> RewriteCond %{https} ^www\.domain\.gov [NC]
>>> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>>>
>>> But that didn't work (I didn't really expect it to, but it was worth a
>>> try!)
>>>
>>> What magic sauce do I need to catch and rewrite that attempt?
>>
>> I just dealt with a similar issue regarding two different certificates.
>> Try this:
>>
>> Options +FollowSymlinks
>> RewriteEngine on
>> RewriteCond %{http_host} ^www\.domain\.gov$ [NC]
>> RewriteRule ^(.*)$ https://domain.gov$ [R=301,NC]
>
> Nope... https://www.domain.gov/ still gives a certificate error.

Interesting...in my case, it works perfectly redirecting between two 
different ssl certificate virtual hosts.  However, both of my certs are 
valid...is it possible that the certificate error kicks in before the 
redirect happens?

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up@3.am							    http://3.am
=========================================================================



Re: [users@httpd] RewriteCond question

Posted by John Oliver <jo...@john-oliver.net>.
On Thu, Feb 18, 2010 at 06:14:33PM -0500, James Smallacombe wrote:
> On Thu, 18 Feb 2010, John Oliver wrote:
> 
> >I'm dealing with a site that is accessed via https://domain.gov. The
> >certificate is for "domain.gov". I already have a working rule to catch
> >http://domain.gov/ and rewrite to https://domain.gov/. I also got
> >http://www.domain.gov/ caught and rewritten with:
> >
> >RewriteCond %{http_host} ^www\.domain\.gov [NC]
> >RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
> >
> >However, attempts to access https://www.domain.gov/ are still an issue.
> >I tried:
> >
> >RewriteCond %{https} ^www\.domain\.gov [NC]
> >RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
> >
> >But that didn't work (I didn't really expect it to, but it was worth a
> >try!)
> >
> >What magic sauce do I need to catch and rewrite that attempt?
> 
> I just dealt with a similar issue regarding two different certificates. 
> Try this:
> 
> Options +FollowSymlinks
> RewriteEngine on
> RewriteCond %{http_host} ^www\.domain\.gov$ [NC]
> RewriteRule ^(.*)$ https://domain.gov$ [R=301,NC]

Nope... https://www.domain.gov/ still gives a certificate error.

-- 
***********************************************************************
* John Oliver                             http://www.john-oliver.net/ *
*                                                                     *
***********************************************************************



Re: [users@httpd] RewriteCond question

Posted by James Smallacombe <up...@3.am>.
On Thu, 18 Feb 2010, John Oliver wrote:

> I'm dealing with a site that is accessed via https://domain.gov. The
> certificate is for "domain.gov". I already have a working rule to catch
> http://domain.gov/ and rewrite to https://domain.gov/. I also got
> http://www.domain.gov/ caught and rewritten with:
>
> RewriteCond %{http_host} ^www\.domain\.gov [NC]
> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>
> However, attempts to access https://www.domain.gov/ are still an issue.
> I tried:
>
> RewriteCond %{https} ^www\.domain\.gov [NC]
> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>
> But that didn't work (I didn't really expect it to, but it was worth a
> try!)
>
> What magic sauce do I need to catch and rewrite that attempt?

I just dealt with a similar issue regarding two different certificates. 
Try this:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{http_host} ^www\.domain\.gov$ [NC]
RewriteRule ^(.*)$ https://domain.gov$ [R=301,NC]

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up@3.am							    http://3.am
=========================================================================
