httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Soultanian <msoul...@csulb.edu>
Subject Re: [users@httpd] Possible to force SSL based on URL Variable?
Date Thu, 10 Jul 2008 00:18:56 GMT
got it to work!!  Here's the code that some people helped me out with:

|RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} ssl=true
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{HTTPS} on
RewriteCond %{QUERY_STRING} !ssl=true
RewriteCond %{REQUEST_METHOD} GET
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}


Thanks!!

Mike
|
Mike Soultanian wrote:
> Well, I think I kinda got it, but it doesn't seem to work right:
>
> RewriteEngine On
> RewriteCond %{QUERY_STRING} ssl=true [NC]
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>
> So, I would think that should search for anything after the path that 
> contains ssl=true and if it finds it, it will rewrite the URL with 
> https in front of it.  However, it generates an error.  Take a look:
>
> https://gaggle.its.csulb.edu/itforums/index.php?ssl=true
>
> take off the ssl=true and everything works fine:
>
> https://gaggle.its.csulb.edu/itforums/index.php?
>
> I don't get it because this is what I used before to force full-time 
> SSL and never had these issues:
>
> RewriteEngine On
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>
> and the only thing I changed was the rewrite condition... errrrr...
>
> any help would be much appreciated!!
>
> Thanks!
> Mike
>
>
>
> Mike Soultanian wrote:
>> Hey Everyone,
>> I currently run phpbb and there is no facility to force SSL during 
>> logins only - it's only full-time SSL or not.  Because I have to 
>> encrypt logins, I do the following in my .htaccess file:
>>
>> RewriteEngine On
>> RewriteCond %{HTTPS} off
>> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>>
>> This essentially forces full-time SSL, which is kinda ok, but I'm 
>> running into weird phpbb quirks (SSL write delays) so I'd like to try 
>> and enable SSL only during logins.
>>
>>
>> Since it is difficult to manipulate the protocol section of the URL 
>> in the phpBB code (http/https), I am thinking of appending a url 
>> variable whenever a user is redirected to the logon page that would 
>> look like this:
>>
>> https://mysite.com/forums/posting.php?mode=post&f=3&ssl=true
>>
>> And my hope was that I could have the rewrite mod look at the url and 
>> see if it contains ssl=true, and if so, force https.
>>
>> Seem doable?  I would think searching a URL should be pretty simple, 
>> but I am not very well versed in regular expressions.  I was hoping 
>> someone could help me write the rewrite condition to search for a 
>> string.
>>
>> Thanks!
>> Mike
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Mime
View raw message