RE: http to https redirect configuration question
Take a look at the mod_rewrite docos. I remember seeing some test to see if a file exists (-f operator?). You could parse the URL's path to infer the physical directory and check to see if an .htaccess file exists there, and redirect appropriately to the SSL virtual server. Off the top of my head, a problem you might encounter is that you'd only have access to the virtual path (the URL's path), and not to the filesystem path, so you'd have to be very careful to take possible aliases into account. OTOH, if I had that need, I'd probably do something in a mod_perl handler (not a content handler, probably in an auth or access handler) because I'd have full access to the Apache API. Cheers... MZ > -Original Message- > From: John W. Sopko Jr. [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 04, 2002 10:49 > To: [EMAIL PROTECTED] > Subject: http to https redirect configuration question > > > I am having a difficult time solving the following: I want our > apache non-secure http:// server to redirect to the secure > https:// server whenever the non-secure server encounters a > .htaccess file in any directory? I do not want to redirect entire > directories or the server itself, only those that contain a > .htaccess file. > > The standard apache Redirect or RedirctMatch cannot do this > because the .htaccess file is not typically specified by the > user. You run into a looping problem if you specify a redirect > in the .htaccess file itself. > > I was hoping there is some switch at the server level to do this. > I of course searched all the docs and mailing archives for > a solution. There is a solution using javascript in the index.html > file that can do a redirect but this would have to be placed > in everyone's .index file and there is no guarantee users will > do this. > > Any solutions would be appreciated. Thanks. > > -- > John W. Sopko Jr. University of North Carolina > email: [EMAIL PROTECTED] Computer Science Dept., CB 3175 > Phone: 919-962-1844 Sitterson Hall; Room 135 > Fax: 919-962-1799 Chapel Hill, NC 27599-3175 > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: http to https redirect configuration question
We have from time to time the following traces in our Apache logs : [Mon Feb 4 08:17:24 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Mon Feb 4 08:17:24 2002] [error] System: Connection reset by peer (errno: 104) Can anyone help us finding what can the problem be related to ? Our apache is 1.3.20 mod_ssl 2.8.4 OpenSSL 0.9.6b. Part of our configuration is : # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Adding that line because of info from mod_ssl mailing list to # make more stable Apache SSL. # To my understanding (and anyone who can correct me if I am wrong, please do), # some versions of Microsoft Internet Explorer (MSIE) have problems with using the # HTTP/1.1 protocol with SSL. What this command does is to turn off keepalive # facility and force HTTP/1.0 responses (rather than HTTP/1.1 responses) when the # browser (User-Agent) is a version of MSIE. If you would like more information on # this, you might try the following page from the mod_ssl FAQ: # # http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49 # #SetEnvIf User-Agent ".*MSIE.*" nokeepalive \ ssl-unclean-shutdown downgrade-1.0 \ force-response-1.0 SetEnvIf User-Agent "MSIE [1-4]" nokeepalive \ ssl-unclean-shutdown downgrade-1.0 \ force-response-1.0 SetEnvIf User-Agent "MSIE [5-9]" ssl-unclean-shutdown # # Inter-Process Session Cache: # Configure the SSL Session Cache: First either `none' # or `dbm:/path/to/file' for the mechanism to use and # second the expiring timeout (in seconds). #SSLSessionCachenone #SSLSessionCacheshm:/opt/apache/logs/ssl_scache(512000) SSLSessionCache dbm:/opt/apache/logs/ssl_scache SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual explusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex file:/opt/apache/logs/ssl_mutex # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. SSLRandomSeed startup builtin SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # The certificate files are now located under /opt/apache/conf SSLCertificateFile /opt/apache/conf/XXX.crt SSLCertificateKeyFile /opt/apache/conf/XXX.key __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
http to https redirect configuration question
I am having a difficult time solving the following: I want our apache non-secure http:// server to redirect to the secure https:// server whenever the non-secure server encounters a .htaccess file in any directory? I do not want to redirect entire directories or the server itself, only those that contain a .htaccess file. The standard apache Redirect or RedirctMatch cannot do this because the .htaccess file is not typically specified by the user. You run into a looping problem if you specify a redirect in the .htaccess file itself. I was hoping there is some switch at the server level to do this. I of course searched all the docs and mailing archives for a solution. There is a solution using javascript in the index.html file that can do a redirect but this would have to be placed in everyone's .index file and there is no guarantee users will do this. Any solutions would be appreciated. Thanks. -- John W. Sopko Jr. University of North Carolina email: [EMAIL PROTECTED] Computer Science Dept., CB 3175 Phone: 919-962-1844 Sitterson Hall; Room 135 Fax: 919-962-1799 Chapel Hill, NC 27599-3175 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]