Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by AskApache: http://wiki.apache.org/httpd/ScratchPad/RedirectSSL ------------------------------------------------------------------------------ + Pepper: - = Redirect Request To SSL = + = Redirect Request to SSL = Let's say you want http://www.domain.com/secure/ to always be sent over SSL (I presume here that both the normal and the SSL vhost have the same content). You could do this by linking to the correct page from within your HTML pages... but there will always be some user who will sneak by it that way. @@ -9, +10 @@ <Location /secure> RewriteEngine On ReWriteCond %{HTTPS} !=on - RewriteRule .* https://%{HTTP_HOST}:443%{REQUEST_URI} [QSA,R=permanent,L] + RewriteRule .* https://%{HTTP_HOST}:8443%{REQUEST_URI} [QSA,R=permanent,L] </Location> }}} - '''Note: This snippet can also be used inside a directory or vhost container.''' + '''Note: This snippet can also be used inside a directory or vhost container. If the SSL port is 443 (the default), you don't need it (or the colon) in the RewriteRule, as all browsers which support SSL will automatically use port 443; this example redirects to an SSL server on port 8443.''' Make sure you have loaded [http://httpd.apache.org/docs/trunk/mod/mod_rewrite.html mod_rewrite] and have it enabled. @@ -44, +45 @@ + == Most Secure SSL Redirect Method (doesn't require mod_rewrite!) == + This will check to make sure that the connection is using SSL, or it will fail. This works whether you are serving SSL on port 443, 80, 81, or elsewhere. This is the most secure setting for SSL logins. - = Improved Redirect To SSL = - ''source: [http://www.askapache.com/2006/htaccess/apache-ssl-in-htaccess-examples.html askApache.com]'' - {{{ - #If server does not have mod_ssl or mod_rewrite, deny - [IfModule !mod_rewrite.c] - [IfModule !mod_ssl.c] - deny from all - [/IfModule] - [/IfModule] - }}} + This also avoids having to type in the username and password twice by requiring the HTTP_HOST to match the HTTP_HOST that your SSL certificate is set up for; in the case above, the certificate is for `askapache.com` rather than `www.askapache.com` + So if either of those 2 checks fail '''(no SSL or incorrect domain)''' then the (403) ErrorDocument directive redirects the browser to try again at https://askapache.com . - == Most Secure SSL Redirect Method '''(doesn't require mod_rewrite!)''' == - This will check to make sure that the connection is using SSL, or it will fail. This works regardless of if you are serving SSL on port 443, 80, 81, etc. This is the most secure setting for SSL logins. - - This also fixes having to type in the username and password twice by requiring the HTTP_HOST to match the HTTP_HOST that your SSL certificate is set-up for, in the case above, the SSL is for askapache.com not www.askapache.com - - So if either of those 2 checks fail '''(!SSL or !correct domain)''' than the (403) ErrorDocument directive issues a 302 Found, Location: https://askapache.com which forces the client to connect to the correct location. {{{ [IfModule mod_ssl.c] SSLOptions +StrictRequire @@ -72, +61 @@ }}} - == Rewrite non-SSL requests to SSL '''(doesn't require mod_ssl!)''' == + == Rewrite non-SSL requests to SSL with `mod_rewrite` == {{{ [IfModule !mod_rewrite.c] RewriteCond %{HTTPS} !=on RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [QSA,R=301,L] [/IfModule] }}} - ''NOTE'': The ''HTTPS'' variable is always present, even if mod_ssl isnât loaded! + ''NOTE'': The ''HTTPS'' variable is always present, even if `mod_ssl` isnât loaded! This is useful if a non-SSL server is redirecting to a different SSL-enabled server. == Redirect everything served on port 80 to SSL == @@ -100, +89 @@ /document.html:NOSSL --> http://askapache.com/document.html }}} - Original edited by John Crown -
