Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (herse.apache.org: domain of jultus@gmail.com designates
 64.233.162.227 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=hTqGGZQJIyfMULJjAjnnNvz9iNJZz/QnwcFkwVTkZg0c+mcGXIzntJA4RhmN6cIg/Tw7uJ3iMfSq3PrM4AtwXWNbKpaOEK/I53zU9VCIri/U3WefzUSIirAM04NaGN2rhd9340am68KGmcRqW12OXhxPxMfgczE+B2hyF2eBmss=
Message-ID: <f4c0fea20707170821l2bd34fecj9dbe1135bde6d39c@mail.gmail.com>
Date: Tue, 17 Jul 2007 17:21:03 +0200
From: "Julius Thyssen" <jultus@gmail.com>
To: users@httpd.apache.org
In-Reply-To: <469C916C.58E1.0045.0@metrostate.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <469C916C.58E1.0045.0@metrostate.edu>
Subject: Re: [users@httpd] Mod Rewrite assistance sought (hoped for :-)

On 7/17/07, Robert Granvin <Robert.Granvin@metrostate.edu> wrote:
> Standard web site is at "http://foo.site.com/..." while
> the secure URL is at "https://secure.site.com/foo/..."

So you can't use the same document root for both hosts?
If you need different content, except for some folders,
simply use the Alias directive in httpd.conf.

Alias /images "/var/www/foo/images"

or something.

> (Basically, make sure that local references such as "/images/blah.gif"
> become "/foo/images/blah.gif" and hard URLs embed the site reference into
> it... The user will connect to "https://secure.site.com/foo",
> but I need to extract the "foo" to use in the other URLs.)

I'd use a symbolic link for that. So, on the server, if it's linux/unix:

# ln -s /foo/images /images

or whatever you need for that. To use Rewrite for that is overkill.

If you would like httpS to 'appear' only for secure.site.com,
do something like this in httpd.conf:

NameVirtualHost *:80

<VirtualHost *:80>

ServerName site.com
DocumentRoot /var/www/site.com_doc-root
ServerAlias *.site.com
# this ^^ catches mistyped hostnames, like "ww.site.com"
# and "wwww.site.com", and limits traffic
# by having all calls go to one hostname..

RewriteEngine on
RewriteCond %{HTTP_HOST}  ^secure\.site\.com
RewriteRule ^/(.*)$     https://secure.site.com/$1 [R,L]
RewriteCond $1          =secure
RewriteRule ^/(.*)$     https://secure.site.com/ [R,L]
# this all forces the "secure.site.com" requests to go over SSL.
RewriteCond %{HTTP_HOST}  !^site.com(:80)?$
RewriteRule ^/(.*)        http://site.com/$1 [L,R]
RewriteOptions inherit

</VirtualHost>


and then this - for example - in ssl.conf:


<VirtualHost _default_:443>
DocumentRoot /var/www/secure.site.com_doc-root
ServerName secure.site.com:443

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCACertificatePath /etc/httpd/conf/ssl.crt
<Files ~ "\.(cgi|shtml|phtml|pl|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/secure.site.com_doc-root">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
 CustomLog logs/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

-- 
# Julius B. Thyssen

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org