I recently learned how to use [tt]mod_rewrite[/tt] to force users attempting to reach http://[secure area] to go to https://[secure area]. Everything works...almost.
Now, when the user traverses to http://[SERVER NAME], the rewrite rule is redirecting to https://[SERVER NAME], even though it is not a secure area.
I only wish for the secure areas to be rewritten, is this possible?
I have the following hierarchy:
[tt]
ApacheRoot
|
|--->All of the unsecure documents
|
|--->SSLDirs
|
|--->All of the secure documents
[/tt]
The relevant httpd.conf statments are:
[tt]
Listen 80
LoadModule auth_module modules/mod_auth.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so
ServerAdmin [SERVER ADMIN EMAIL]
ServerName [SERVER NAME]:80
UseCanonicalName On
DocumentRoot [DOCUMENT ROOT DIRECTORY]
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory [DOCUMENT ROOT DIRECTORY]>
Options Indexes FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
Include conf/ssl.conf
NameVirtualHost *:80
#IF I UNCOMMENT THIS SEEMINGLY REDUNDANT SEGMENT, NO REWRITES OCCUR.
#<VirtualHost *:80>
# ServerAdmin [SERVER ADMIN EMAIL]
# DocumentRoot [DOCUMENT ROOT DIRECTORY]
# ServerName [SERVER NAME]
# SSLEngine off
#</VirtualHost>
<VirtualHost *:80>
ServerAdmin [SERVER ADMIN EMAIL]
DocumentRoot [DOCUMENT ROOT DIRECTORY]/SSLDirs
ServerName [SERVER NAME]
SSLEngine off
RewriteEngine on
RewriteRule ^/(.*)$ [R,L]
</VirtualHost>
[/tt]
The ssl.conf file is:
[tt]
<IfDefine SSL>
SSLProtocol -all +SSLv3
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<VirtualHost *:443>
DocumentRoot [DOCUMENT ROOT DIRECTORY]/SSLDirs
ServerName [MY SERVER NAME]
ServerAdmin [MY SERVER ADMIN E-MAIL ADDRESS]
SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile [SSL CERTIFICATE FILE]
SSLCertificateKeyFile [SSL CERTIFICATE KEY FILE]
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "c:/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SSLOptions +FakeBasicAuth
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
<Directory [DOCUMENT ROOT DIRECTORY]/SSLDirs>
AllowOverride None
AuthName "Restricted to Authorized Users"
AuthType Basic
AuthDBMUserFile [AUTHORIZATION DATABASE USER FILE]
AuthDBMGroupFile [AUTHORIZATION DATABASE GROUP FILE]
require group [MY SECURE GROUP]
</Directory>
</VirtualHost>
</IfDefine>
[/tt]
I guess my question is this: Is it possible to have BOTH an HTTP *and* an HTTPS server for the same name/IP? If so, what, in my configuration, is preventing this?
Now, when the user traverses to http://[SERVER NAME], the rewrite rule is redirecting to https://[SERVER NAME], even though it is not a secure area.
I only wish for the secure areas to be rewritten, is this possible?
I have the following hierarchy:
[tt]
ApacheRoot
|
|--->All of the unsecure documents
|
|--->SSLDirs
|
|--->All of the secure documents
[/tt]
The relevant httpd.conf statments are:
[tt]
Listen 80
LoadModule auth_module modules/mod_auth.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so
ServerAdmin [SERVER ADMIN EMAIL]
ServerName [SERVER NAME]:80
UseCanonicalName On
DocumentRoot [DOCUMENT ROOT DIRECTORY]
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory [DOCUMENT ROOT DIRECTORY]>
Options Indexes FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
Include conf/ssl.conf
NameVirtualHost *:80
#IF I UNCOMMENT THIS SEEMINGLY REDUNDANT SEGMENT, NO REWRITES OCCUR.
#<VirtualHost *:80>
# ServerAdmin [SERVER ADMIN EMAIL]
# DocumentRoot [DOCUMENT ROOT DIRECTORY]
# ServerName [SERVER NAME]
# SSLEngine off
#</VirtualHost>
<VirtualHost *:80>
ServerAdmin [SERVER ADMIN EMAIL]
DocumentRoot [DOCUMENT ROOT DIRECTORY]/SSLDirs
ServerName [SERVER NAME]
SSLEngine off
RewriteEngine on
RewriteRule ^/(.*)$ [R,L]
</VirtualHost>
[/tt]
The ssl.conf file is:
[tt]
<IfDefine SSL>
SSLProtocol -all +SSLv3
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<VirtualHost *:443>
DocumentRoot [DOCUMENT ROOT DIRECTORY]/SSLDirs
ServerName [MY SERVER NAME]
ServerAdmin [MY SERVER ADMIN E-MAIL ADDRESS]
SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile [SSL CERTIFICATE FILE]
SSLCertificateKeyFile [SSL CERTIFICATE KEY FILE]
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "c:/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SSLOptions +FakeBasicAuth
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
<Directory [DOCUMENT ROOT DIRECTORY]/SSLDirs>
AllowOverride None
AuthName "Restricted to Authorized Users"
AuthType Basic
AuthDBMUserFile [AUTHORIZATION DATABASE USER FILE]
AuthDBMGroupFile [AUTHORIZATION DATABASE GROUP FILE]
require group [MY SECURE GROUP]
</Directory>
</VirtualHost>
</IfDefine>
[/tt]
I guess my question is this: Is it possible to have BOTH an HTTP *and* an HTTPS server for the same name/IP? If so, what, in my configuration, is preventing this?