httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Ricker <bric...@wellinx.com>
Subject Re: [users@httpd] Forcing SSL?
Date Mon, 18 Aug 2003 19:00:36 GMT
My mistake Leif. I was thinking 1.3.x, not 2.0.x. I read the examples
but spaced on what you said happened when you typed those in.

On 1.3.x, mod_rewrite does what you are talking about. The redirect only
works on the URL you put there, not ALL paths under that URL. Looks like
a good feature enhancement for Apache 2!

Sorry about that....

Ben Ricker

On Mon, 2003-08-18 at 13:43, Leif W wrote:
> ----- Original Message ----- 
> From: "Ben Ricker" <bricker@wellinx.com>
> To: <users@httpd.apache.org>
> Sent: Monday, August 18, 2003 2:21 PM
> Subject: RE: [users@httpd] Forcing SSL?
> 
> 
> > On Mon, 2003-08-18 at 13:10, Peters, Michael D. wrote:
> > > Thanks,
> > >
> > > I'll try that. That seems better than just not listening on 80.
> >
> > I just close 80 and use 443.
> >
> > Would the redirect below only work for requests for '/'? So, for
> > instance, I could try to access /docs on port 80; would that get
> > redirected correctly? I do not think so; I believe I would get the index
> > file from /docs served unencrypted. If I am right, it will only work if
> > someone types the URL with no pathing.
> 
> As stated in my EXAMPLE 2, the rest of the URL after the initial / is tacked
> on, at least on my test server running Apache2, I would not have written
> that into my response message if it were not true.  Please try it and see
> before commenting, maybe it doesn't work in older versions or on different
> platforms or something, but it worked like mentioned on Debian GNU/Linux,
> Apache2.  On further testing anything after a '#' gets chopped, but
> everything after a '?' is left alone (except of course if there's a '#'
> after the '?').  There may be other characters that get scrubbed, I've not
> done an exhaustive test yet or had a chance to review the docs.
> 
> I compiled all modules, so is there a chance a module is automatically doing
> the rewrite without my specifying any directives?  There's also a
> RedirectMatch Directive which allows you to specify a redirect, status,
> regular expresion, and URL.  See:
> http://httpd.apache.org/docs-2.0/mod/mod_alias.html#redirectmatch .  See
> http://httpd.apache.org/docs-2.0/misc/rewriteguide.html if Redirect or
> RedirectMatch won't work for you.
> 
> Leif
> 
> > The second most secure way to do it is with mod_rewrite. Not sure the
> > best syntax, however.
> >
> > Ben Ricker
> >
> >
> > > -----Original Message-----
> > > From: Leif W [mailto:warp-9.9@usa.net]
> > > Sent: Monday, August 18, 2003 1:55 PM
> > > To: users@httpd.apache.org
> > > Subject: Re: [users@httpd] Forcing SSL?
> > >
> > >
> > > ----- Begin Original Message ----- 
> > > From: Peters, Michael D.
> > > To: Users@Httpd. Apache. Org (E-mail)
> > > Sent: Monday, August 18, 2003 1:32 PM
> > > Subject: [users@httpd] Forcing SSL?
> > >
> > >
> > > What is the recommended method of forcing only https connections?
> > > Best regards,
> > > Michael D. Peters
> > > ----- End Original Message ----- 
> > >
> > > Hello,
> > >
> > > Please send future messages as plain text, as most users dislike them
> and it
> > > may munge the web-archives or something.
> > >
> > > I'm not sure if this is the best way, but I've used a permanent redirect
> on
> > > my test site.  Set up a virtual host listening on port 80 to catch and
> log
> > > http requests, and do a permanent redirect to https.  See EXAMPLE 1
> below.
> > > This seems to also automagically tack on anything after the / , see
> EXAMPLE
> > > 2 below.  Hope this helps, and if anything I say is incorrect or not
> > > recommended, I'm sure someone(s?) will point that out and offer an
> > > alternative(s).
> > >
> > > Leif
> > >
> > > ================
> > > EXAMPLE 1
> > > ================
> > >
> > > NameVirtualHost *:80
> > > <VirtualHost *:80>
> > >     ServerName www.site1.net
> > >     # ServerAdmin, Log declarations
> > >     RedirectPermanent / https://www.site1.net/
> > > </VirtualHost>
> > >
> > > <IfDefine SSL>
> > > Listen 443
> > > NameVirtualHost *:443
> > > <VirtualHost *:443>
> > >     ServerName www.site1.net
> > >     # ServerAdmin, Logs, DocumentRoot, Directory
> > >     # SSL specific options copied from the ssl.conf
> > > </VirtualHost>
> > >
> > > ================
> > > EXAMPLE 2
> > > ================
> > >
> > > URL typed in browser or referenced by a page:
> > >
> > >     http://www.site1.net/
> > >
> > > (apache tells the browser to permanently redirect to the https site)
> > >
> > > URL now visible in browser:
> > >     https://www.site1.net/
> > >
> > > URL typed in browser or referenced by a page:
> > >
> > >     http://www.site1.net/some/path/to/page.php
> > >
> > > (apache tells the browser to permanently redirect to the https site)
> > >
> > > URL now visible in browser:
> > >
> > >     https://www.site1.net/some/path/to/page.php
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server
> Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server
> Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message