Mike Soultanian wrote:
Justin Pasher wrote:
Actually, ignore everything I just said. All this time I thought that
was what apache was doing, but it's actually occurring after the
mismatched server name warning is presented. The rewrite rule will
still catch the request and redirect them to https://www.csulb.edu,
but not until after the warning has already been issued.
Heh, no worries ;)
However, I think you might be able to help me solve a few of the
problem cases. Here's what's going on. I have a message forum
running at http://www.csulb.edu/itforums. When you hit the site there
is an .htaccess directive that automatically redirects you to to the
SSL version of the site:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
This works great, except when someone types csulb.edu/itforums in
their browser. They then get redirected to https://csulb.edu/itforums
and receive a certificate error. I can't really fix the case of
someone typing https://csulb.edu/itforums (which will probably be
rare), I can still take care of the other cases: having both
http://www.csulb.edu/itforums and http://csulb.edu/itforums forward to
https://www.csulb.edu/itforums. I tried to do this but my rewrite
statements don't seem to work right:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !www
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} www
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Here are some test pages where I've applied the above directives:
http://csulb.edu/projects/itforums/dev/ ->
https://www.csulb.edu/projects/itforums/dev/
The above correctly updated the URL and is running SSL
http://www.csulb.edu/projects/itforums/dev/ ->
http://www.csulb.edu/projects/itforums/dev/
The above doesn't work correctly as it doesn't go SSL
Notice the second case doesn't forward to https. Any idea why?
Thanks!
Mike
Ahhh... Now it should actually be possible. If possible, I would
(personally) try to push all traffic to www.csulb.edu whenever they try
to pull csulb.edu. Whether or not this is possible in your situation, I
do not know. Something like this in the VirtualHost config would do it.
RewriteCond %{HTTP_HOST} !^www\.csulb\.edu$ [NC]
RewriteRule ^/(.*)$ http://www.csulb.edu/$1 [R=permanent]
This would make sure that requests for any pages are always going
through www.csulb.edu (as opposed to csulb.edu or any other ServerAlias
setting).
Now, back to your specific situation (if it must remain the same
format). For one, you'll want to anchor the check for HTTP_HOST to the
beginning of the string (just to avoid matching something unexpected if
other subdomain ever point to the site. I have also never tried a
rewrite rule that changes from http to https without forcing an actual
redirect (as opposed to an internal rewrite). I would think apache is
forced to perform a redirect when switching protocols, otherwise the
browser would probably get confused (and I'm not sure you could even
make SSL work like that). Adding the [R] flag will force the redirect,
but it might not be necessary.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent]
FWIW, I tried visiting the test pages you mentioned above, and both of
them actually pushed me to https. Have you cleared your cache to make
sure the browser isn't trying to do something weird by caching the
previous response it received?
--
Justin Pasher
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
