httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Beto Limoun <beto.lim...@googlemail.com>
Subject Re: [users@httpd] mod_rewrite/mod_ssl questions
Date Fri, 28 May 2010 21:31:24 GMT
Something I also found useful was to use the following directive.

RewriteMap escaping int:unescape

before my RW rules and changing the RW rules like this

RewriteRule ^/user ${escaping:https://%{HTTP_HOST}%{REQUEST_URI}} [R,L]
etc..

have a look at 
http://www.dracos.co.uk/code/apache-rewrite-problem/
http://forum.modrewrite.com/viewtopic.php?t=33034&sid=2284cc0a301ce61b22bbafdad14f928a

for more info about this mod_rewrite issue.

Regards

On 22 May 2010, at 04:06, Reinhard Vicinus wrote:

> Hi,
> 
> the problem is that if a site which shouldn't be served by https is called by http your
first rewriterule sets ps:https but the first rewriterule after #[2] isn't used because HTTPS
is not on.
> 
> I think you can also have your desired effect much more easier like this:
> 
> #[1] all /user, /subscription and /login pages should be served in https
> RewriteRule /user https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
> RewriteRule /subscription https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
> RewriteRule /login https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
> 
> #[2] For all other pages, if in https mode, serve the page in http mode.
> RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
> 
> Kind regards
> Reinhard
> 
> 
> On 21/05/10 22:58, Beto Limoun wrote:
>> Hello group,
>> 
>> I am working on the mod_ssl configuration on a website and trying to achieve following:
>> When a user accesses a page posting sensitive data to the server, the page should
be accessed in httpS mode. What I am doing to achieve this is that I have a set of rewrite
rules that will match the URI and invoke the httpS page. [1]
>> This seems to be working fine.
>> The problem I am facing is that when in httpS mode I select a page that is supposed
to be accessed in http mode, apache still calls it in httpS mode. I have added some rewrite
rules to prevent this [2], but they somehow get ignored.
>> 
>> Example:
>> Being in httpS://localhost/myapp/user/register
>> I click on the linked  home page logo image and expect to be resent to http://localhost/myapp/
but land instead in httpS://localhost/myapp/
>> 
>> I would appreciate if you can suggest a more elegant solution from your own experience
of a fix to my config below.
>> 
>> Many thanks in anticipation.
>> 
>> Beto
>> 
>> #
>> #
>> #
>> RewriteLog "/private/var/log/apache2/rewrite.log"
>> RewriteLogLevel 9
>> 
>> Options +FollowSymlinks
>> RewriteEngine on
>> 
>> #[1] all /user, /subscription and /login pages should be served in https
>> RewriteCond %{HTTPS} =on [OR]
>> RewriteCond %{HTTPS} !=on
>> RewriteRule ^(.+)$ - [env=ps:https]
>> RewriteRule ^.*/user(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
>> RewriteRule ^.*/subscription(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
>> RewriteRule ^.*/login(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
>> 
>> #[2] For all other pages, if in https mode, serve the page in http mode.
>> RewriteCond %{HTTPS} =on
>> RewriteCond %{REQUEST_URI} !^/(user.*|login.*|subscription.*)
>> RewriteRule ^(.+)$ - [env=ps:http]
>> RewriteRule ^(.+)$ %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
>> 
>> 
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See<URL:http://httpd.apache.org/userslist.html>  for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>> 
>>   
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message