Re: [users@httpd] SSL and redirects...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/2/05, Minnesota Slinky <mnslinky@xxxxxxxxx> wrote:
> 1) I have determined that the best way to combat this is through the
> rewrite engine.  I currently have the following as part of that
> virtual host:
> 
>          ReWriteEngine On
>          ReWriteRule ^/(.*) https://www.mysite.com$1 [R,L]
> 
> This works fairly well, unless the link within phpBB contains the
> full http://i-want-to-go-here.com/mypage/here.html  What gives?  The
> documentation was not easy for me to understand, so my rule is
> probably pretty bad.  I'm guessing there is some way to filter this
> based on the ReWriteCond HTTPS=off or something.  Help please?

This doesn't even need mod_rewrite.  All you need is to have a port-80
vitual host that catches all the non-ssl requests and put
Redirect / http://www.mysite.com/
inside that <VirtualHost> section.

> 2) Windows and Internet Explorer seem to continuously give errors
> about only some parts of the page being secure, etc.  I'm assuming
> this error will go away as soon as you folks help me correct my
> syntax in the above statement.

Unlikely.  If the page contains references to insecure items
(http://...), then the browser will probably complain regardless of
whether or not those items wind up getting redirected to secure
locations.  Actually, it *must* complain, because the insecure initial
request could easily be intercepted and redirected by an attacker,
which means the whole page winds up being insecure.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux