httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shen.Y...@ny.frb.org
Subject [users@httpd] redirection, SSL, Internet Explorer
Date Tue, 16 Dec 2003 17:55:14 GMT
I wonder if somebody has faced a similar problem.

I need to redirect all unsecured connections (http) to a private section 
of our intranet to a secure connection (https). I am using 
RedirectPermanent directive to accomplish the redirection. The solution 
works fine with Mozilla Firebird. But It does not work with I.E. version 
5.50.

Using Mozilla Firebird, everything works fine:
1. user types http://hostname:88/privateArea in the location field
2. Mozilla presents user the certificate.
3. user accepts the certificate.
4. Mozilla prompts user for userid and password.
5. user enters valid userid and password.
6. as intended, request lands on https://hostname:444/privateArea  (this 
URL replaces unsecured URL in the location field of Mozilla)

Now, using I.E., if one types the same URL as above, this is what happens:
1. I.E. presents user the certificate.
2. user accepts the certificate.
3. I.E. prompts user for userid and password.
4. user enters valid userid and password.
5. I.E. respond with error page "Page cannot be displayed  ... Cannot find 
server or DNS Error" and the address field in I.E. is still 
http://hostname:88/privateArea
However, if the URL https://hostname:444/privateArea is typed directly 
into I.E., everything works fine: certificate is presented, user is 
prompted for userid/password and the intended page is shown.


Here are the relevant parts of my configuration (running apache 2.0.48 on 
Solaris 2.6):

httpd.conf file
...
Listen 88
Listen 8181
Include /path/to/ssl.conf
...
NameVirtualHost xxx.xxx.xxx:88
NameVirtualHost xxx.xxx.xxx:8181
<VirtualHost xxx.xxx.xxx:88>
      ServerName hostname:88
      DocumentRoot "/path/to/intranetDocumentRoot" 
     ...
      <Directory "/path/to/intranetPrivateArea">
              Options FollowSymLinks IncludesNOEXEC Indexes Multiviews
      </Directory> 
     Alias /privateArea "/path/to/intranetPrivateArea"
     RedirectPermanent /privateArea https://hostname:444/privateArea
</VirtualHost>
<VirtualHost xxx.xxx.xxx:8181>
     ServerName otherWebSite:8181
     DocumentRoot "/path/to/otherWebSite/documentRoot"
     ...
</VirtualHost>


ssl.conf file
...
Listen 444
...
<VirtualHost _default_:444>
      ServerName hostname:444
      DocumentRoot "/path/to/intranetDocumentRoot"
      SSLEngine on
      ...
      <Directory "/path/to/intranetPrivateArea">
              Options FollowSymLinks IncludesNOEXEC Indexes Multiviews
              Order Deny,Allow
              Allow from all
              AuthType Basic
              AuthName "Intranet Private Area"
              AuthUserFile "/path/to/password/file"
             Require valid-user
      </Directory> 
      Alias /privateArea "/path/to/intranetPrivateArea" 
</VirtualHost>

---------------------------------------------------------------------------------------------

Shen C. Yang

Information Technology Specialist
Federal Reserve Bank of New York - www.newyorkfed.org
Tel: (212) 720 2857
e-mail: shen.yang@ny.frb.org

Any comments or statements made in this transmission reflect the views of 
the sender and are not necessarily the views of the Federal Reserve Bank 
of New York.
Mime
View raw message