Re: [users@httpd] How to direct http to https (Apache Users)

Scenario: You've changed the location/path of a webpage on your server, but you don't want to break links to the old location. You could just use symlinks, but you want the new URL to appear in the user's browser so that new links/bookmarks point to the new, real location of your page.

AND/OR you want requests to http://www.domain.com/sensitive.html to be redirected to the https:// (SSL) version of that page. Especially if that page is in an Apache realm that requires a login, and you want the login to be encrypted.

This guide will explain how to do both of those things.

Step 1: Make sure mod_rewrite is being loaded; in other words, make sure that /etc/httpd/conf/httpd.conf contains the line:

LoadModule rewrite_module modules/mod_rewrite.so

Step 2: Back up and then edit httpd.conf (you will need to be root). If you're using VirtualHost directives (see link), then find the VirtualHost block that corresponds to the url you w ant to rewrite. Otherwise put it in wherever you set the options for your site, or put it in a separate Directory block -- whatever you prefer. Add the line:

RewriteEngine On

Also, if it's not already set, you will need to add:

Options +FollowSymlinks

Step 3: Rules. If you're a regex king then you can get all kinds of fancy with these. I am just going to post a couple of simple example here:

RewriteRule ^/oldpath/(.*)$ /newpath/$1 [R]

In other words, http://www.domain.com/oldpath followed by anything -- /oldpath/oldpage.html, /oldpath/index.php, or just /oldpath/ by itself -- will be rewritten to http://www.domian.com/newpath (followed by whatever followed the original URL). The R in brackets means "rewrite the URL in the user's browser." You can do "invisible" rewrites by leaving this off.

RewriteRule ^(.*)\.html$ $1.php [R=permanent]

This is nice for when you re-do your entire website in php, but you don't want to break links to http://www.yoursite.com/somepage.html.

SSL Redirects: Are more complicated than that. In httpd.conf you make the (relatively-straightforward) rule, preceded by a conditional:

RewriteCond   %{SERVER_PORT}  !^443$  RewriteRule ^/secret(.*)$ https://www.domain.com/secret/$1 [L,R]

The RewriteCond line says, "if the request is not already going to port 443 (the https port), then rewrite it." This prevents the server from doing redundant rewrites on URLs that are already correct. The rule itself is very similar to the previous example, except that it rewrites with the whole domain name so that it can include the https: part. The bracketed R is explained above, the additional L means "last rule" which I guess tells Apache to stop running the rewrite module or something. I really don't know.

But you're not done yet. Now you need to edit /etc/httpd/conf.d/ssl.conf. We're assuming here that you've already got certificates configured and whatnot (https: actually works). Here's what my Directory block looks like:

<Directory "/home/www.domain.com/html/secret/">          Options +Indexes          SSLOptions           +StrictRequire          SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 128          Order deny,allow          deny from all                  ########          # These next five lines are for requiring an Apache login          AuthType Basic          AllowOverride AuthConfig          AuthUserFile /etc/httpd/conf/users          AuthName "Restricted Area"          require valid-user          ########          satisfy any  </Directory>

If you're not using Apache realm authentication, then leave out those five lines. If you ARE doing realms, but using separate .htaccess files, there is a way to do the rewrites and keep the .htaccess files but I couldn't make it work so I just moved the directives into httpd.conf. Sorry

emammendes@xxxxxxxxxxxxxx wrote:

Hello

Certainly a newbie question but I wonder how apache directs http://mysite to
https://mysite automatically? The setup on my machine is port 443 but this
is not exactly what I want.

Many thanks

Ed

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

Yahoo! Mail
Use Photomail to share photos without annoying attachments.

Follow-Ups:
- Re: [users@httpd] How to direct http to https
  - From: emammendes

References:
- [users@httpd] How to direct http to https
  - From: emammendes

Prev by Date: Re: [users@httpd] how to enable 127.0.0.1 in httpd.conf
Next by Date: Re: [users@httpd] find: 0652-010 The starting directory is not valid
Previous by thread: [users@httpd] How to direct http to https
Next by thread: Re: [users@httpd] How to direct http to https
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]