httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sanjay tripathi <sanjoy_...@yahoo.com>
Subject Re: [users@httpd] How to direct http to https
Date Thu, 23 Feb 2006 03:49:29 GMT
Hi  Scenario: You've changed the location/path of a webpage on your server, but you don't want
to break links to the old location. You could just use symlinks, but you want the new URL
to appear in the user's browser so that new links/bookmarks point to the new, real location
of your page.   AND/OR you want requests to http://www.domain.com/sensitive.html to be redirected
to the https:// (SSL) version of that page. Especially if that page is in an Apache realm
that requires a login, and you want the login to be encrypted.   This guide will explain how
to do both of those things.   Step 1: Make sure mod_rewrite is being loaded; in other words,
make sure that /etc/httpd/conf/httpd.conf contains the line: 
LoadModule rewrite_module modules/mod_rewrite.so  
  Step 2: Back up and then edit httpd.conf (you will need to be root). If you're using VirtualHost
directives (see link), then find the VirtualHost block that corresponds to the url you want
to rewrite. Otherwise put it in wherever you set the options for your site, or put it in a
separate Directory block -- whatever you prefer. Add the line: 
RewriteEngine On  
Also, if it's not already set, you will need to add: 
Options +FollowSymlinks  
  Step 3: Rules. If you're a regex king then you can get all kinds of fancy with these. I
am just going to post a couple of simple example here: 
RewriteRule ^/oldpath/(.*)$ /newpath/$1 [R]  
In other words, http://www.domain.com/oldpath followed by anything -- /oldpath/oldpage.html,
/oldpath/index.php, or just /oldpath/ by itself -- will be rewritten to http://www.domian.com/newpath
(followed by whatever followed the original URL). The R in brackets means "rewrite the URL
in the user's browser." You can do "invisible" rewrites by leaving this off. 
RewriteRule ^(.*)\.html$ $1.php [R=permanent]  
This is nice for when you re-do your entire website in php, but you don't want to break links
to http://www.yoursite.com/somepage.html.   SSL Redirects: Are more complicated than that.
In httpd.conf you make the (relatively-straightforward) rule, preceded by a conditional: 
RewriteCond   %{SERVER_PORT}  !^443$  RewriteRule ^/secret(.*)$ https://www.domain.com/secret/$1
[L,R]  
The RewriteCond line says, "if the request is not already going to port 443 (the https port),
then rewrite it." This prevents the server from doing redundant rewrites on URLs that are
already correct. The rule itself is very similar to the previous example, except that it rewrites
with the whole domain name so that it can include the https: part. The bracketed R is explained
above, the additional L means "last rule" which I guess tells Apache to stop running the rewrite
module or something. I really don't know.   But you're not done yet. Now you need to edit
/etc/httpd/conf.d/ssl.conf. We're assuming here that you've already got certificates configured
and whatnot (https: actually works). Here's what my Directory block looks like: 
<Directory "/home/www.domain.com/html/secret/">          Options +Indexes          SSLOptions
          +StrictRequire          SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 128
         Order deny,allow          deny from all                  ########          # These
next five lines are for requiring an Apache login          AuthType Basic          AllowOverride
AuthConfig          AuthUserFile /etc/httpd/conf/users          AuthName "Restricted Area"
         require valid-user          ########          satisfy any  </Directory>  
If you're not using Apache realm authentication, then leave out those five lines. If you ARE
doing realms, but using separate .htaccess files, there is a way to do the rewrites and keep
the .htaccess files but I couldn't make it work so I just moved the directives into httpd.conf.
Sorry

emammendes@superig.com.br wrote:  Hello

Certainly a newbie question but I wonder how apache directs http://mysite to 
https://mysite automatically? The setup on my machine is port 443 but this 
is not exactly what I want.

Many thanks

Ed

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



			
---------------------------------
 Yahoo! Mail
 Use Photomail to share photos without annoying attachments.
Mime
View raw message