--- Haroon Rafique <[EMAIL PROTECTED]> wrote:
> I have been reading the archives for a while now and didn't see any
> solution
> to my problem. So here goes... Thank in advance for any solutions
>
> To force people to use https instead of http, I could use the
> mod_rewrite as
> follows (all is theoretical, I don't have access to apache or apache
> with
> mod_ssl right now, so please bear with me):
>
> RewriteEngine On
> # use log level 9 for most verbose 0 for least
> RewriteLogLevel 9
> RewriteLog "/etc/httpd/logs/rewrite.log"
> RewriteCond %{HTTPS} !=on
> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
>
> It is absolutely essential to give the user the ability to see the
> homepage
> as regular http (and a few tech support pages) in case they have SSL
> turned
> off, or are using lynx without SSL support. Otherwise, if I blindly
> forward
> all http requests to https how would they know they're supposed to
> use SSL
> when they're using a non-SSL browser.
>
> Is it possible to not have a RewriteCond which prevents the
> RewriteRule to
> execute to take care of the above situation? Am I missing something
> obvious?
>
> Thanks,
> --
> Haroon Rafique <[EMAIL PROTECTED]>
As a quick-and-dirty response, here's a modperl
handler we set up:
============================================================
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# module for Apache/mod_perl PerlPostReadRequestHandler to redirect
# users on the nonsecure port over to SSL (hopefully saving bookmarks)
#______________________________________________________________________
package Apache::PortCorrect;
use strict;
use Apache::Constants qw( :response :methods );
sub handler {
my($r,$s,$url,$args,$uri,$subr);
$r = shift; # the request object
return OK if 443 == $r->get_server_port;
(undef,$url,undef) = split(/\s+/o, $r->the_request);
return OK if $url =~ m{ ^(?:/
| .*[.](?:gif|jpg)
| /(?: public
| teampages
| pics
| avgrates
| regulatory
)(?:/.*)?
| /(?:home|cook)[.]shtml
)$
}ixo;
$uri = "https://buda.bst.bls.com" . $url;
$uri .= "?$args" if $args = $r->args;
$r->custom_response(MOVED,$uri);
return MOVED;
}
1; # guarantee return code for load
===================================================================
It allows http on the listed subsites, but redirects to the secure port
for everything else.
If you don't have mod_perl, you might manage a similar effect with some
hacking. There are better ways, but my ride's waiting. =o)
Good luck.
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
