Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by pctony: http://wiki.apache.org/httpd/Recipes/RedirectSSL The comment on the change is: removed external links, extra like hits, and poor naming - more to follow ------------------------------------------------------------------------------ ---- - [[Anchor("context_nonhtaccess)]] + == Context: server config, virtual host, directory == - [[Anchor("using_mod_rewrite)]] + === Using mod_rewrite === {{{ <Location /secure> @@ -27, +27 @@ LoadModule rewrite_module modules/mod_rewrite.so RewriteEngine On }}} - [[Anchor("using_virtual_hosts)]] + === Using virtual hosts === When using SSL, you will frequently have at least two virtual hosts: one on port 80 to serve ordinary requests, and one on port 443 to serve SSL. If you wish to redirect users from the non-secure site to the SSL site, you can use an ordinary [http://httpd.apache.org/docs/trunk/mod/mod_alias.html#redirect Redirect] directive inside the non-secure VirtualHost: @@ -49, +49 @@ ---- - [[Anchor("context_htaccess")]] + == Context: .htaccess, server config, virtual host, directory == - [[Anchor("most_secure_ssl_redirect_method)]] + - === Most Secure SSL Redirect Method (doesn't require mod_rewrite!) === + === SSL Redirect Method (doesn't require mod_rewrite!) === - [[FootNote(Based on article at http://www.askapache.com/2006/htaccess/apache-ssl-in-htaccess-examples.html with explicit permission given by site owner and article author to repost here.)]][http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#ssloptions SSLOptions +StrictRequire] forces forbidden access (403) when `SSLRequireSSL` or `SSLRequire` decide access should be forbidden. Usually where a [http://httpd.apache.org/docs/trunk/mod/mod_access_compat.html#satisfy Satisfy Any] directive is used, this denial of access is overridden. For strict access restriction you can use `SSLRequireSSL` and/or `SSLRequire` in combination with an `SSLOptions +StrictRequire` Then an additional `Satisfy Any` has no chance once [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html mod_ssl] has decided to deny access. + [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#ssloptions SSLOptions +StrictRequire] forces forbidden access (403) when `SSLRequireSSL` or `SSLRequire` decide access should be forbidden. Usually where a [http://httpd.apache.org/docs/trunk/mod/mod_access_compat.html#satisfy Satisfy Any] directive is used, this denial of access is overridden. For strict access restriction you can use `SSLRequireSSL` and/or `SSLRequire` in combination with an `SSLOptions +StrictRequire` Then an additional `Satisfy Any` has no chance once [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html mod_ssl] has decided to deny access. [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslrequiressl SSLRequireSSL] forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for the current connection.[[BR]] [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslrequire SSLRequire] forbids access unless HTTP_HOST matches your SSL certificate ''(in this case, the certificate is for `askapache.com` not `www.askapache.com`)''. @@ -67, +67 @@ }}} '''Note:''' Checking for the correct HTTP_HOST fixes the problem with Basic Authentication asking for the username/password twice, and also fixes security errors about your SSL certificate. - [[Anchor("alternative_most_secure_redirect_method)]] + === Alternative to above method (doesn't require mod_ssl!) === - [[FootNote(Based on article at http://www.askapache.com/2006/htaccess/apache-ssl-in-htaccess-examples.html with explicit permission given by site owner and article author to repost here.)]]{{{ + {{{ RewriteCond %{HTTPS} !=on RewriteRule .* - [F] - ErrorDocument 403 https://askapache.com + ErrorDocument 403 https://mysite.com }}} + + {{{ - [[Anchor(rewrite_non_ssl_with_mod_rewrite)]] - === Rewrite non-SSL to SSL with mod_rewrite (doesn't require mod_ssl!) === - [[FootNote(Based on article at http://www.askapache.com/2006/htaccess/apache-ssl-in-htaccess-examples.html with explicit permission given by site owner and article author to repost here.)]]{{{ RewriteCond %{HTTPS} !=on RewriteRule .*$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,R=301,L] }}} '''NOTE''': The ''HTTPS'' variable is always present, even if `mod_ssl` isnât loaded! This is useful if a non-SSL server is redirecting to a different SSL-enabled server. - [[Anchor(redirect_everything_served_on_port_80_to_ssl)]] + === Redirect everything served on port 80 to SSL === - [[FootNote(Based on article at http://www.askapache.com/2006/htaccess/apache-ssl-in-htaccess-examples.html with explicit permission given by site owner and article author to repost here.)]]{{{ + {{{ RewriteCond %{SERVER_PORT} ^80$ RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [QSA,R=301,L] }}} - [[Anchor(redirecting_to_ssl_or_non_ssl_using_relative_uris)]] + === Redirecting to SSL or non-SSL using relative URIs === [[FootNote(Based on article at http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#aboutconfig)]]{{{ RewriteRule ^/(.*):SSL$ https://%{SERVER_NAME}/$1 [QSA,R=302,L] @@ -98, +97 @@ }}} This lets you use URIs in your html like: {{{ - http://askapache.com/index.html:SSL ==> http'''s'''://askapache.com/index.html + http://mysite.com/index.html:SSL ==> http'''s'''://mysite.com/index.html - http'''s'''://askapache.com/index.html:NOSSL ==> http://askapache.com/index.html + http'''s'''://mysite.com/index.html:NOSSL ==> http://mysite.com/index.html }}} - [[Navigation(slideshow)]] - [[FootNote()]] - ---- - [[PageHits]]
