Re: apache redirection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



At Wed, 19 May 2010 15:29:51 -0600 CentOS mailing list <centos@xxxxxxxxxx> wrote:

> 
> On Wed, May 19, 2010 at 3:02 PM, Zack Colgan
> <security-watch-zack@xxxxxxxxxxxxxxxx> wrote:
> > On 05/19/2010 04:08 PM, Ski Dawg wrote:
> >> The problem I am running into is if they go to https://domainname.com
> >> (straight to the secure site), I am not able to find a solution that
> >> will redirect them to https://www.domainname.com, so that the ssl
> >> certificate matches and they won't get the "This connection is
> >> untrusted" warning.
> >
> > The problem you are running into is that SSL sessions are negotiated
> > prior to the browser sending the virtual host name, so there is no
> > opportunity to redirect the client to the www URL before it's too late.
> >  Aside from purchasing a second SSL certificate for the plain domain
> > name or getting a wildcard certificate to cover both, I would just make
> > sure the links on your web site to the secure version of the domain
> > specify the www in the URL.
> 
> Zack,
> 
> Thanks for the reply.
> 
> All of our links use the correct syntax (with the www), we were just
> trying to catch the corner cases where if someone tries to go directly
> to https://domainname.com instead of https://www.domainname.com then
> it would not give them the error.

Is there any *legitimate* reason why someone would want to *type*
https://domainname.com in the location/address bar? There really should
not be a reason to do that. If people are doing this, then that means
there is some reason for it (maybe the https://www.domtainname.com/...
link is too deeply burried in the regular site?).

> 
> I was hoping to be able to do this without another certificate, since
> this is just some corner cases, but I will investigate that as well.
> Thanks.

-- 
Robert Heller             -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software        -- Linux Installation and Administration
http://www.deepsoft.com/  -- Web Hosting, with CGI and Database
heller@xxxxxxxxxxxx       -- Contract Programming: C/C++, Tcl/Tk

                                                                                       
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux