httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Granvin" <>
Subject Re: [users@httpd] Mod Rewrite assistance sought (hoped for :-)
Date Tue, 17 Jul 2007 15:44:39 GMT
Unfortunately, no (on the content root).  Basically, the "secure"
(https) portion is a shared subdomain, hence the directory approach.
Think of the structure this way:
\\ Robert J. Granvin                                            
 \\                       Metro State
University ->site1
/var/www/secure/ ->site2
/var/www/secure/ ->siten
Where the "secure" subdomain has symbolic links to the content root of
each web site (site1, site2... siten).
Therefore, each web site has access to a single secure server (low
cost), but has the problem of URLs no longer being valid.
a "/foo/bar.html" in site1 has to translate to "/site1/foo/bar.html"
while in the "secure" subdomain in order to render properly, and ends up having to translate to an appropriate URL
also (though translating to a local reference is fine (and preferred
The only guarantee that we have is that the URL called will absolutely
begin with[...], for example...
My suspicion is that this is a lot easier than it seems on the surface.

>>> "Julius Thyssen" <> 7/17/2007 10:21:03 am >>>
On 7/17/07, Robert Granvin <> wrote:
> Standard web site is at "" while
> the secure URL is at ""

So you can't use the same document root for both hosts?
If you need different content, except for some folders,
simply use the Alias directive in httpd.conf.

Alias /images "/var/www/foo/images"

or something.

> (Basically, make sure that local references such as
> become "/foo/images/blah.gif" and hard URLs embed the site reference
> it... The user will connect to "",
> but I need to extract the "foo" to use in the other URLs.)

I'd use a symbolic link for that. So, on the server, if it's

# ln -s /foo/images /images

or whatever you need for that. To use Rewrite for that is overkill.

If you would like httpS to 'appear' only for,
do something like this in httpd.conf:

NameVirtualHost *:80

<VirtualHost *:80>

DocumentRoot /var/www/site.com_doc-root
ServerAlias *
# this ^^ catches mistyped hostnames, like ""
# and "", and limits traffic
# by having all calls go to one hostname..

RewriteEngine on
RewriteCond %{HTTP_HOST}  ^secure\.site\.com
RewriteRule ^/(.*)$$1 [R,L]
RewriteCond $1          =secure
RewriteRule ^/(.*)$ [R,L]
# this all forces the "" requests to go over SSL.
RewriteCond %{HTTP_HOST}  !^$
RewriteRule ^/(.*)$1 [L,R]
RewriteOptions inherit


and then this - for example - in ssl.conf:

<VirtualHost _default_:443>
DocumentRoot /var/www/

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCACertificatePath /etc/httpd/conf/ssl.crt
<Files ~ "\.(cgi|shtml|phtml|pl|php3?)$">
SSLOptions +StdEnvVars
<Directory "/var/www/">
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# Julius B. Thyssen

The official User-To-User support forum of the Apache HTTP Server
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message