RE: re-writing URI's

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

hi joshua,

sorry i should have been more specific. Its not actually our app but an authentication plug-in and backend that changes the URI and then passes back to the browser. There may be a bug in it that its capturing the incoming URL and not able to re-write it to https before passing back. This is being investigated by the provider but in the meantime i would like to re-write the URI to the proper secure method.

does that make sense?

cheers

Steve

-----Original Message-----
From: jslive@xxxxxxxxx [mailto:jslive@xxxxxxxxx]On Behalf Of Joshua
Slive
Sent: 15 December 2006 14:19
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  re-writing URI's


On 12/15/06, Foster, Stephen (ASPIRE) <steve.foster@xxxxxxxxxxxxxx> wrote:
> Good point well made,
>
> the current rules are as follows:
>
> non-secure handler:
> # =================================================
> # Rewrite to HTTPS Settings
> # =================================================
> RewriteCond %{REQUEST_URI}  !=/heartbeat/heartbeat.htm
> RewriteCond %{REQUEST_URI}  !=/server-status
> RewriteCond %{SERVER_PORT}  !=443
> RewriteRule ^/$ https://www.domain.com/home [R=301,L]
> RewriteCond %{HTTP_HOST}   !^www\.domain\.com [NC]
> RewriteCond %{HTTP_HOST}   !=""
> RewriteCond %{REQUEST_URI}  !=/heartbeat/heartbeat.htm
> RewriteRule ^/(.*)  http://www.domain.com:%{SERVER_PORT}/$1 [R=301,L]
>
> Secure Virtual host:
> RewriteRule ^/$ https://www.domain.com/home [R=301,L]
>
> The backend application catches the /home part and assesses whether the client has already logged in and if not re-directs to /login which then returns the URL/URI given in the original email further down this thread.

Sorry, but I don't get it.  You talked about a query string with
APPURI=http://www.domain.com/home getting added someplace.  But I
don't see that above.  If it is your application that is adding it,
then your application should be able to set the correct scheme.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



===========================================================
Our e-mail domain has now changed from iraspire.com to hmrcaspire.com. Please update your address books.
===========================================================


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux