Re: [users@httpd] Question about SSL and Apache and a certificate error

Mon, 29 Sep 2008 15:06:10 -0700 


Justin Pasher wrote:



Actually, ignore everything I just said. All this time I thought that 
was what apache was doing, but it's actually occurring after the 
mismatched server name warning is presented. The rewrite rule will 
still catch the request and redirect them to https://www.csulb.edu, 
but not until after the warning has already been issued.



Heh, no worries ;)


However, I think you might be able to help me solve a few of the problem 
cases.  Here's what's going on.  I have a message forum running at 
http://www.csulb.edu/itforums.  When you hit the site there is an 
.htaccess directive that automatically redirects you to to the SSL 
version of the site:


RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


This works great, except when someone types csulb.edu/itforums in their 
browser.  They then get redirected to https://csulb.edu/itforums and 
receive a certificate error.  I can't really fix the case of someone 
typing https://csulb.edu/itforums (which will probably be rare), I can 
still take care of the other cases: having both 
http://www.csulb.edu/itforums and http://csulb.edu/itforums forward to 
https://www.csulb.edu/itforums.  I tried to do this but my rewrite 
statements don't seem to work right:


RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !www
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} www
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Here are some test pages where I've applied the above directives:


http://csulb.edu/projects/itforums/dev/ -> 
https://www.csulb.edu/projects/itforums/dev/

The above correctly updated the URL and is running SSL


http://www.csulb.edu/projects/itforums/dev/ -> 
http://www.csulb.edu/projects/itforums/dev/

The above doesn't work correctly as it doesn't go SSL

Notice the second case doesn't forward to https.  Any idea why?

Thanks!
Mike

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to