httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leif W" <warp-...@usa.net>
Subject Re: [users@httpd] Forcing SSL?
Date Mon, 18 Aug 2003 19:28:10 GMT
It's cool.  I guess I didn't make it clear in my initial response that I was
using Apache2, when it wouldn't have worked in Apache 1.3.  It's been a long
time since I used Apache 1.3, and I was just learning the basics then (how
to compile, install, get a standalone running, basic vhosts), so I'm not
really familiar with the differences, but this is a significant one for
sure.  I've been using Apache 2.0 on win32 for over a year (basically out of
laziness, just grabbing the prebuilt exe installer) but decided to start
playing with SSL this weekend, so instead of building a whole win32 GNU
environment to recompile Apache, I just went back over to Debian GNU/Linux,
which I'm already comfortable with and have been running for years.

Leif

----- Original Message ----- 
From: "Ben Ricker" <bricker@wellinx.com>
To: <users@httpd.apache.org>
Sent: Monday, August 18, 2003 3:00 PM
Subject: Re: [users@httpd] Forcing SSL?


> My mistake Leif. I was thinking 1.3.x, not 2.0.x. I read the examples
> but spaced on what you said happened when you typed those in.
>
> On 1.3.x, mod_rewrite does what you are talking about. The redirect only
> works on the URL you put there, not ALL paths under that URL. Looks like
> a good feature enhancement for Apache 2!
>
> Sorry about that....
>
> Ben Ricker
>
> On Mon, 2003-08-18 at 13:43, Leif W wrote:
> > ----- Original Message ----- 
> > From: "Ben Ricker" <bricker@wellinx.com>
> > To: <users@httpd.apache.org>
> > Sent: Monday, August 18, 2003 2:21 PM
> > Subject: RE: [users@httpd] Forcing SSL?
> >
> >
> > > On Mon, 2003-08-18 at 13:10, Peters, Michael D. wrote:
> > > > Thanks,
> > > >
> > > > I'll try that. That seems better than just not listening on 80.
> > >
> > > I just close 80 and use 443.
> > >
> > > Would the redirect below only work for requests for '/'? So, for
> > > instance, I could try to access /docs on port 80; would that get
> > > redirected correctly? I do not think so; I believe I would get the
index
> > > file from /docs served unencrypted. If I am right, it will only work
if
> > > someone types the URL with no pathing.
> >
> > As stated in my EXAMPLE 2, the rest of the URL after the initial / is
tacked
> > on, at least on my test server running Apache2, I would not have written
> > that into my response message if it were not true.  Please try it and
see
> > before commenting, maybe it doesn't work in older versions or on
different
> > platforms or something, but it worked like mentioned on Debian
GNU/Linux,
> > Apache2.  On further testing anything after a '#' gets chopped, but
> > everything after a '?' is left alone (except of course if there's a '#'
> > after the '?').  There may be other characters that get scrubbed, I've
not
> > done an exhaustive test yet or had a chance to review the docs.
> >
> > I compiled all modules, so is there a chance a module is automatically
doing
> > the rewrite without my specifying any directives?  There's also a
> > RedirectMatch Directive which allows you to specify a redirect, status,
> > regular expresion, and URL.  See:
> > http://httpd.apache.org/docs-2.0/mod/mod_alias.html#redirectmatch .  See
> > http://httpd.apache.org/docs-2.0/misc/rewriteguide.html if Redirect or
> > RedirectMatch won't work for you.
> >
> > Leif
> >
> > > The second most secure way to do it is with mod_rewrite. Not sure the
> > > best syntax, however.
> > >
> > > Ben Ricker
> > >
> > >
> > > > -----Original Message-----
> > > > From: Leif W [mailto:warp-9.9@usa.net]
> > > > Sent: Monday, August 18, 2003 1:55 PM
> > > > To: users@httpd.apache.org
> > > > Subject: Re: [users@httpd] Forcing SSL?
> > > >
> > > >
> > > > ----- Begin Original Message ----- 
> > > > From: Peters, Michael D.
> > > > To: Users@Httpd. Apache. Org (E-mail)
> > > > Sent: Monday, August 18, 2003 1:32 PM
> > > > Subject: [users@httpd] Forcing SSL?
> > > >
> > > >
> > > > What is the recommended method of forcing only https connections?
> > > > Best regards,
> > > > Michael D. Peters
> > > > ----- End Original Message ----- 
> > > >
> > > > Hello,
> > > >
> > > > Please send future messages as plain text, as most users dislike
them
> > and it
> > > > may munge the web-archives or something.
> > > >
> > > > I'm not sure if this is the best way, but I've used a permanent
redirect
> > on
> > > > my test site.  Set up a virtual host listening on port 80 to catch
and
> > log
> > > > http requests, and do a permanent redirect to https.  See EXAMPLE 1
> > below.
> > > > This seems to also automagically tack on anything after the / , see
> > EXAMPLE
> > > > 2 below.  Hope this helps, and if anything I say is incorrect or not
> > > > recommended, I'm sure someone(s?) will point that out and offer an
> > > > alternative(s).
> > > >
> > > > Leif
> > > >
> > > > ================
> > > > EXAMPLE 1
> > > > ================
> > > >
> > > > NameVirtualHost *:80
> > > > <VirtualHost *:80>
> > > >     ServerName www.site1.net
> > > >     # ServerAdmin, Log declarations
> > > >     RedirectPermanent / https://www.site1.net/
> > > > </VirtualHost>
> > > >
> > > > <IfDefine SSL>
> > > > Listen 443
> > > > NameVirtualHost *:443
> > > > <VirtualHost *:443>
> > > >     ServerName www.site1.net
> > > >     # ServerAdmin, Logs, DocumentRoot, Directory
> > > >     # SSL specific options copied from the ssl.conf
> > > > </VirtualHost>
> > > >
> > > > ================
> > > > EXAMPLE 2
> > > > ================
> > > >
> > > > URL typed in browser or referenced by a page:
> > > >
> > > >     http://www.site1.net/
> > > >
> > > > (apache tells the browser to permanently redirect to the https site)
> > > >
> > > > URL now visible in browser:
> > > >     https://www.site1.net/
> > > >
> > > > URL typed in browser or referenced by a page:
> > > >
> > > >     http://www.site1.net/some/path/to/page.php
> > > >
> > > > (apache tells the browser to permanently redirect to the https site)
> > > >
> > > > URL now visible in browser:
> > > >
> > > >     https://www.site1.net/some/path/to/page.php
> > > >
> > > >
> > > >
> > > >
> > >
> ---------------------------------------------------------------------
> > > > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > >
> > >
> ---------------------------------------------------------------------
> > > > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > >
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server
Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> > >
> > >
> >
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message