Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by pctony: http://wiki.apache.org/httpd/Recipes/RedirectSSL The comment on the change is: uniformed all domains to use example.com ------------------------------------------------------------------------------ = Redirect Request to SSL = - Let's say you want http://www.domain.com/secure/ to always be sent over SSL (I presume here that both the normal and the SSL vhost have the same content). You could do this by linking to the correct page from within your HTML pages... but there will always be some user who will sneak by it that way. + Let's say you want http://www.example.com/secure/ to always be sent over SSL (I presume here that both the normal and the SSL vhost have the same content). You could do this by linking to the correct page from within your HTML pages... but there will always be some user who will sneak by it that way. [[TableOfContents([3])]] ---- - - == Context: server config, virtual host, directory == === Using mod_rewrite === {{{ @@ -50, +48 @@ ---- - == Context: .htaccess, server config, virtual host, directory == + === SSL Redirect Method (doesn't require mod_rewrite!) === [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#ssloptions SSLOptions +StrictRequire] forces forbidden access (403) when `SSLRequireSSL` or `SSLRequire` decide access should be forbidden. Usually where a [http://httpd.apache.org/docs/trunk/mod/mod_access_compat.html#satisfy Satisfy Any] directive is used, this denial of access is overridden. For strict access restriction you can use `SSLRequireSSL` and/or `SSLRequire` in combination with an `SSLOptions +StrictRequire` Then an additional `Satisfy Any` has no chance once [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html mod_ssl] has decided to deny access. [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslrequiressl SSLRequireSSL] forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for the current connection.[[BR]] - [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslrequire SSLRequire] forbids access unless HTTP_HOST matches your SSL certificate ''(in this case, the certificate is for `askapache.com` not `www.askapache.com`)''. + [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslrequire SSLRequire] forbids access unless HTTP_HOST matches your SSL certificate ''(in this case, the certificate is for `example.com` not `www.example.com`)''. - If either of those 2 checks fail (403), then the [http://httpd.apache.org/docs/trunk/mod/core.html#errordocument ErrorDocument] directive uses a `302` to redirect the browser to `https://askapache.com`. + If either of those 2 checks fail (403), then the [http://httpd.apache.org/docs/trunk/mod/core.html#errordocument ErrorDocument] directive uses a `302` to redirect the browser to `https://example.com`. {{{ SSLOptions +StrictRequire SSLRequireSSL - SSLRequire %{HTTP_HOST} eq "askapache.com" + SSLRequire %{HTTP_HOST} eq "example.com" - ErrorDocument 403 https://askapache.com + ErrorDocument 403 https://example.com }}} '''Note:''' Checking for the correct HTTP_HOST fixes the problem with Basic Authentication asking for the username/password twice, and also fixes security errors about your SSL certificate. @@ -72, +70 @@ {{{ RewriteCond %{HTTPS} !=on RewriteRule .* - [F] - ErrorDocument 403 https://mysite.com + ErrorDocument 403 https://example.com }}} @@ -97, +95 @@ }}} This lets you use URIs in your html like: {{{ - http://mysite.com/index.html:SSL ==> http'''s'''://mysite.com/index.html + http://example.com/index.html:SSL ==> http'''s'''://example.com/index.html - http'''s'''://mysite.com/index.html:NOSSL ==> http://mysite.com/index.html + http'''s'''://example.com/index.html:NOSSL ==> http://example.com/index.html }}}
