I use this in the port 80 virtual host (or main section) to refer any
http request to https. The DocumentRoots should be the same or at least
point to a similar file system structure in the http and ssl
virtualhosts. It also informs proxies that it should cache the https
version and not the http due to the 301 response code.
<Location />
RedirectMatch 301 (.*)$ https://servername.comain$1
</Location>
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roy Keene
(Contractor)
Sent: Thursday, October 11, 2007 8:00 AM
To: modssl-users@modssl.org
Subject: Re: How to redirect http to https on same server?
Bernard Barton wrote:
> I'm trying to redirect users from http://vhost.mydomain.com to
> https://vhost.mydomain.com using this RewriteRule:
>
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^/(.*)$ https://cj-mydomain.choicepoint.net/$1 [L,R]
>
>
> This does not seem to work. I have the following defined as a virtual
> host, and the ssl.include is listed below that. What do I need to do
> to redirect http to https on the same server?
>
> -Thanks
>
>
> <IfDefine SSL>
> <VirtualHost 178.45.221.41:443>
>
> #See file below
> Include conf/conf.d/ssl.include
>
> ErrorLog /usr/local/apache/logs/ssl_mydomain_error_log
> CustomLog /usr/local/apache/logs/ssl_mydomain_access_log
> combined
>
> <IfModule mod_proxy.c>
> ProxyRequests On
>
> ProxyPass / http://vhost.mydomain.net:80/
> ProxyPassReverse / http://vhost.mydomain.net:80/
>
>
> </IfModule>
>
> </VirtualHost>
> </IfDefine>
>
>
> ########################### ssl.include
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile
> /usr/local/apache-1.3.37/conf/ssl.crt/star_mydomain_net.crt
>
> SSLCertificateKeyFile
> /usr/local/apache-1.3.37/conf/ssl.key/star_mydomain_net.key
>
> SSLCertificateChainFile
> /usr/local/apache-1.3.37/conf/ssl.crt/DigiCertCA.crt
>
> <Files ~ "\.(cgi|shtml|phtml|php3|roc|rock?)$">
> SSLOptions +StdEnvVars
> </Files>
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager [EMAIL PROTECTED]
>
This is what I use (from internal documentation):
1. Redirect all HTTP requests to HTTPS
a. Load mod_rewrite (see:
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html )
b. Add the following rule to your non-HTTPS server
configuration
(httpd.conf):
# Require HTTPS
RewriteEngine on
RewriteRule ^/(.*) https://${SERVER_NAME}/$1
[redirect=permanent]
Yours should work, too, though since it is only substantially different
in two
(2) ways:
1. You don't have "RewriteEngine on" in the snippet, I assume
you have it somewhere though
2. You check SERVER_PORT against !^443$ (it would probably be
better to check the environment variable HTTPS, though) -- that should
work.
--
Roy Keene (Contractor)
Office of Network Management (Code 7030.8)
Naval Research Laboratory
Stennis Space Center, MS 39529
DSN 828-4827
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
