On 7/2/05, Minnesota Slinky <mnslinky@xxxxxxxxx> wrote: > 1) I have determined that the best way to combat this is through the > rewrite engine. I currently have the following as part of that > virtual host: > > ReWriteEngine On > ReWriteRule ^/(.*) https://www.mysite.com$1 [R,L] > > This works fairly well, unless the link within phpBB contains the > full http://i-want-to-go-here.com/mypage/here.html What gives? The > documentation was not easy for me to understand, so my rule is > probably pretty bad. I'm guessing there is some way to filter this > based on the ReWriteCond HTTPS=off or something. Help please? This doesn't even need mod_rewrite. All you need is to have a port-80 vitual host that catches all the non-ssl requests and put Redirect / http://www.mysite.com/ inside that <VirtualHost> section. > 2) Windows and Internet Explorer seem to continuously give errors > about only some parts of the page being secure, etc. I'm assuming > this error will go away as soon as you folks help me correct my > syntax in the above statement. Unlikely. If the page contains references to insecure items (http://...), then the browser will probably complain regardless of whether or not those items wind up getting redirected to secure locations. Actually, it *must* complain, because the insecure initial request could easily be intercepted and redirected by an attacker, which means the whole page winds up being insecure. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|