Re: mod_rewrite/mod_ssl questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
the problem is that if a site which shouldn't be served by https is called by http your first rewriterule sets ps:https but the first rewriterule after #[2] isn't used because HTTPS is not on. 

I think you can also have your desired effect much more easier like this:

#[1] all /user, /subscription and /login pages should be served in https
RewriteRule /user https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule /subscription https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule /login https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

#[2] For all other pages, if in https mode, serve the page in http mode.
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Kind regards
Reinhard


On 21/05/10 22:58, Beto Limoun wrote:

Hello group,

I am working on the mod_ssl configuration on a website and trying to achieve following:
When a user accesses a page posting sensitive data to the server, the page should be accessed in httpS mode. What I am doing to achieve this is that I have a set of rewrite rules that will match the URI and invoke the httpS page. [1]
This seems to be working fine.
The problem I am facing is that when in httpS mode I select a page that is supposed to be accessed in http mode, apache still calls it in httpS mode. I have added some rewrite rules to prevent this [2], but they somehow get ignored.

Example:
Being in httpS://localhost/myapp/user/register
I click on the linked  home page logo image and expect to be resent to http://localhost/myapp/ but land instead in httpS://localhost/myapp/

I would appreciate if you can suggest a more elegant solution from your own experience of a fix to my config below.

Many thanks in anticipation.

Beto

#
#
#
RewriteLog "/private/var/log/apache2/rewrite.log"
RewriteLogLevel 9

Options +FollowSymlinks
RewriteEngine on

#[1] all /user, /subscription and /login pages should be served in https
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.+)$ - [env=ps:https]
RewriteRule ^.*/user(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^.*/subscription(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^.*/login(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]

#[2] For all other pages, if in https mode, serve the page in http mode.
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(user.*|login.*|subscription.*)
RewriteRule ^(.+)$ - [env=ps:http]
RewriteRule ^(.+)$ %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See<URL:http://httpd.apache.org/userslist.html>  for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux