Mod_rewrite In Https
July 10, 2008 - 7:09pm
Where are you putting these
Where are you putting these rewrite rules? (i.e. httpd.conf, .htaccess)
July 10, 2008 - 7:29pm
July 10, 2008 - 7:59pm
HMm...well then I guess I
HMm...well then I guess I can't really imagine why you're having issues. The setup shouldn't be any different--I have done mod_rewrite w/ SSL many times. Are you able to show is any of your config files?
July 10, 2008 - 9:35pm
Here's an example of an
Here's an example of an .htaccess file I have that forces https://, as well as force a username and password to access the directory. It also restricts anyone except the IP address specified from accessing the directory.
CODE
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "www.yourdomain.com"
AuthType Basic
AuthName "Access for /foo/locked"
AuthUserFile /dir/dir/foo/htpasswd
require user me
require user you
require user us
order deny,allow
deny from all
allow from 192.456.987.123
ErrorDocument 403 https://www.yourdomain.com/foo/file.html
July 11, 2008 - 10:46am
The following adds www if
The following adds www if missing and then forces https:
CODE
<VirtualHost *:80>
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/vhosts/domain.com
ServerName domain.com
ServerAlias *.domain.com
ErrorLog logs/domain.com-error_log
CustomLog logs/domain.com-access_log common
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/vhosts/domain.com
ServerName domain.com
ServerAlias *.domain.com
ErrorLog logs/domain.com-error_log
CustomLog logs/domain.com-access_log common
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.domain.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com$1 [R,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
</VirtualHost>
The following is when accessing https, but will not rewrite with www:
CODE
<VirtualHost 192.168.100.223:443>
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/vhosts/domain.com
ServerName domain.com
ServerAlias *.domain.com
LogLevel warn
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/vhosts/domain.com
ServerName domain.com
ServerAlias *.domain.com
LogLevel warn
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.domain.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com$1 [R,L]
SSLEngine On
# SSL Cert Paths
ErrorLog logs/domain.com_ssl_error_log
CustomLog logs/domain.com_access_log common
</VirtualHost>
I'm curious if the SSL config is picking up HTTP_HOST. It should just return the domain name (and there is no such thing as HTTPS_HOST), but it doesn't work nor appear to trigger. Here's what I added to the port 443 config:
CODE
RewriteLog logs/domain.com_rewrite_log
RewriteLogLevel 9
RewriteLogLevel 9
It's funny, when accessing port 80, which didn't have the log directive for rewrite, it still wrote to the log file.
July 11, 2008 - 9:41pm
Did a little searching - see
Did a little searching - see if this might work for you...just for the redirect to https
CODE
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Here's from another forum, somewhere -
CODE
> Hi,
>
> Try placing your rewrite directives in SSL Virtual host. Your
> directives are not working possibly because ssl data is not decrypted
> yet.
>
> Try placing your rewrite directives in SSL Virtual host. Your
> directives are not working possibly because ssl data is not decrypted
> yet.
July 12, 2008 - 1:13am
Again, I need to stress the
Again, I need to stress the problem at hand. The problem is using mod_rewrite in https, not mod_rewrite to force https. I am forcing it without any problems, but using mod_write in my https directive is where the problem lies. Ultimately the url should end up being rewritten to https://www.domain.com. If you access http://www.domain.com, it rewrites to https://www.domain.com. If you access http://domain.com, it rewrites to https://www.domain.com. If you access https://domain.com, no rewriting occurs.
July 12, 2008 - 7:54am
Although you aren't seeing
Although you aren't seeing anything in the rewrite log, and oyu defnitely should no matter what is being matched, try appending :443 to the host you're matching:
CODE
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.domain.com:443$ [NC]
RewriteRule ^(.*)$ https://www.domain.com$1 [R,L
RewriteCond %{HTTP_HOST} !^www.domain.com:443$ [NC]
RewriteRule ^(.*)$ https://www.domain.com$1 [R,L
NOt sure if that will help since, like I said, you're not even seeing anything doing match checking in the logs. /sad.gif" style="vertical-align:middle" emoid=":(" border="0" alt="sad.gif" />
July 16, 2008 - 2:13pm
JAAulde @ Jul 12 2008,
Although you aren't seeing anything in the rewrite log, and oyu defnitely should no matter what is being matched, try appending :443 to the host you're matching:
CODE
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.domain.com:443$ [NC]
RewriteRule ^(.*)$ https://www.domain.com$1 [R,L
RewriteCond %{HTTP_HOST} !^www.domain.com:443$ [NC]
RewriteRule ^(.*)$ https://www.domain.com$1 [R,L
NOt sure if that will help since, like I said, you're not even seeing anything doing match checking in the logs. /sad.gif" style="vertical-align:middle" emoid=":(" border="0" alt="sad.gif" />
Adding :443 to the end of the domain causes a redirect loop since www.domain.com != www.domain.com:443
Man this is frustrating.
August 15, 2008 - 11:20pm
August 16, 2008 - 11:45am
August 18, 2008 - 1:09pm
August 18, 2008 - 2:46pm
Well of course they would be
Well of course they would be on different IP addresses. Going through the motions of assigning different ports to the same IP address to achieve each site having its own SSL certificate is a headache that isn't worth the trouble and fuss. Besides, the issue has never been getting SSL to work, it's getting mod_rewrite to force www in SSL.
August 18, 2008 - 3:07pm
Have you considered doing
Have you considered doing this in php instead of .htaccess? I just implemented this on one of my own websites a few days ago (with help from a member of a different forum) and here's what I've got in my php file that is included into every single php page on my website:
CODE
$httpsfile[] = "1"; //placeholder
$httpsfile[] = "file1.php";
$httpsfile[] = "file2.php";
$httpsfile[] = "file1.php";
$httpsfile[] = "file2.php";
if($_SERVER['HTTPS'] != "on" && array_search(basename($_SERVER['PHP_SELF']), $httpsfile) !== FALSE) {
reload("https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
}
else if(array_search(basename($_SERVER['PHP_SELF']), $httpsfile) === FALSE && $_SERVER['HTTPS'] == "on") {
reload("http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
}
And then the code for the function:
CODE
function reload($destination) {
$reload = 'Location: ' . $destination;
header($reload);
}
$reload = 'Location: ' . $destination;
header($reload);
}
August 18, 2008 - 3:17pm
While I can do that, the
While I can do that, the whole point of using mod_rewrite is to send the user to the correct location as quickly and efficiently as possible. Using PHP is a viable solution, but resorting to Apache is far better. It's not a big concern since someone would have to type out https://domain.com since going to just the domain rewrites to the full address.
August 26, 2008 - 12:27pm
I've got a domain that I'm forcing www and https on. When accessing the domain by itself, everything is rewriting perfectly. However, the issue I'm having is to force
https://domain.com
To rewrite to
https://www.domain.com
The settings currently in place:
RewriteRule ^(.*)$ https://www.domain.com$1 [R,L]
I had RewriteLog added as well for both port 80 and 443. With RewriteLogLevel 9, all rewrite actions would be logged. The log was updated when connecting to port 80, but never for port 443.
To reiterate, the problem is forcing https://domain.com to https://www.domain.com. I can't force www and then http to https when https is being initially connected to. I mention this because a friend of mine trying to help me didn't seem to grasp that initially.
Who can bring a charge to God's elect? It is God who justifies!