httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n...@daimlerchrysler.com
Subject RE: [users@httpd] mod_rewrite help
Date Wed, 21 May 2003 16:17:15 GMT



|For example if you go to http://mydomain.com, it works beautifully
rewriting
|to https://www.mydomain.com. However, it you go to https://mydomain.com
|it doesn't tack on the www., and consequently, the security alert pops
|up.

Does it tack on the www. after the security alert? Your certificate is
going to be specific to the DNS name of the site, www.mydomain.com in this
case, and the SSL handshake has to happen before mod_rewrite can evaluate
and redirect so there is no avoiding the security alert. Unless you had
mydomain.com resolve to once Apache instance with a cert for mydomain.com
that redirected to www.mydomain.com which would be another Apache instance
with a different SSL cert. You might be able to accomplish this with IP
based Virtual Hosts as well but you'd still need another certificate.

-Norm
|-----------------------------+-------------------------------------------|
|   "Beau Hebert"             |                                           |
|   <bhebert@c-quential.com>  |                                           |
|                             |                                         To|
|   05/21/2003 12:06 PM       |                                 <users@htt|
|                             |                                 pd.apache.|
|         Please respond to   |                                 org>      |
|      users@httpd.apache.org |                                         cc|
|                             |                                           |
|                             |                                    Subject|
|                             |                                 RE:       |
|                             |                                 [users@htt|
|                             |                                 pd]       |
|                             |                                 mod_rewrit|
|                             |                                 e help    |
|                             |                                           |
|                             |                                           |
|                             |                                           |
|                             |                                           |
|                             |                                           |
|                             |                                           |
|-----------------------------+-------------------------------------------|








The rule does work in that it rewrites all HTTP requests to https://www.
The problem is that it won't tack on www. to a https:// request. For
example if you go to http://mydomain.com, it works beautifully rewriting
to https://www.mydomain.com. However, it you go to https://mydomain.com
it doesn't tack on the www., and consequently, the security alert pops
up. So, I guess what I need in addition to the rule that is written is
for all individual https://mydomain.com requests written to
https://wwwmydomain.com. The current rule doesn't seem to affect this.

RewriteEngine On
RewriteRule ^(.*)$ https://www.mydomain.com$1 [R]

All of this code is written in the Port 80 Virtual Host
Any other suggestions?

Thanks again

Beau


-----Original Message-----
From: Paul Simon [mailto:wreckmybike@yahoo.com]
Sent: Wednesday, May 21, 2003 11:40 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] mod_rewrite help

I think what you are doing already solves the problem,
redirect (internally) everything to https://www...

I'd imagine putting an [R] on the rewrite rule might
force an external redirect to the www address,
stopping the alert.

-Paul

--- Beau Hebert <bhebert@c-quential.com> wrote:
> First, a big thanks to all out in Apacheland for
> helping me rewrite
> incoming http requests to https. It works like a
> charm. But, as usual,
> one success has led to another obstacle.
>
> As mentioned, all incoming HTTP requests are
> rewritten to HTTPS using
> mod_rewrite with the following code (thanks again
> Jurgen):
>
> RewriteEngine On
> RewriteRule ^(.*)$ https://www.mydomain.com$1
>
> As a consequence to having all requests being HTTPS
> I also need to have
> all incoming requests contain www (i.e.
> https://www.mydomain.com/login.php  rather than
> simply
> https://mydomain.com/login.php), otherwise the user
> receives an alert
> that the name on the Certificate doesn't match the
> website. This is
> because the Secure Certificate is registered to the
> fully qualified
> domain. So, my question: is there a way (either
> augmenting the code
> above or including new code) so that if someone were
> to type
> http://mydomnain.com/anypage.jsp, it would be
> rewritten to
> https://www.mydomain.com/anypage.jsp.
>
> Thanks.
> Beau
>
>
>
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
>    "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
>


=====
=====
'Ideals are like stars. We may never reach them, but we use them to
chart our course.' -- Unknown
=====
"Do not go where the path may lead, go instead where there is no path
and leave a trail" -- Ralph Waldo Emerson.
=====

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
  "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
  "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message