Re: Mod-rewrite problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> On 15 November 2010 17:17, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote:
> 
> > Redirect / https://www.site.co.za
> >
> > in the VirtualHost section for site.co.za (yes, you need separate virtual
> > host)
> >
> > I hope you have SSL certificate for www.site.co.za with alternative name
> > site.co.za, otherwise browsers will report a mismatch.

On 15.11.10 19:37, Rudi Kramer wrote:
> I think I see the problem here. I have two virtual host files, one for
> non-ssl and one for ssl.
> 
> <VirtualHost *:80>
> ServerName www.site.co.za
> ServerAlias site.co.za
> 
> RedirectMatch ^ https://www.site.co.za/

put here simply:

Redirect / https://www.site.co.za/

> </VirtualHost>

> <VirtualHost *:443>
> ServerName www.site.co.za
> ServerAlias site.co.za
> 
> RedirectMatch ^http\://site\.co\.za https://www.site.co.za/

This will never match, Redirect only sees local path, no http/https.
Yes, the destination may contain http/https.

> SSLEngine on
> SSLOptions +StrictRequire
> SSLCertificateFile /etc/apache2/ssl/site.co.za/server.crt
> SSLCertificateKeyFile /etc/apache2/ssl/site.co.za/server.key
> 
> </VirtualHost>

> As far as I can tell the ssl encryption means that Apache can't do the
> redirect

Apache _can_ do the redirect. But you don't read documentation and
apparently neither our recommendations.

> and the cliet only has a valid cert for the
> https://www.site.co.zaand not
> https://site.co.za which is why I was trying to get the redirect working..

The redirection has nothing to do with the certificate. Actually, the server
doesn't care about certificates...

However, you must either have _two_ virtual hosts and redirect requests from
one to another, or have third-party apache module that redirects request to
the servername if an alias is specified. I know of mod_comon_redirect
(available in gentoo linux) and mod_redirtoservname (debian)

Unfortunately, mod_common_redirect doesn't seem to work within SSL virtual
host.

-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux