Solved

mod rewrite htaccess and https (SSL)

Posted on 2004-08-01
28
9,787 Views
Last Modified: 2010-03-04
Below is what I have so far.
Here is the problem:
I also noticed that if I use the htaccess file below and I try to access something like
https://www.maindomain.com/directory/index.php
I get an internal server error.
NOTE -  that the above URL is to a secure server (SSL) is there a condition I need to put in there so it knows what to do with the HTTPS?

RewriteEngine on
0 #Take anything other than main domain, and direct it to maindomain.com
1 RewriteCond %{HTTP_HOST} !^www.maindomain.com$ [NC]
2 RewriteCond %{REQUEST_URI} !^/robots\.txt$
3 RewriteRule (.*) http://www.maindomain.com/$1 [R=301]
4
5 #If robots.txt is requested from anything other than maindomain send new txt file.
6 RewriteCond %{HTTP_HOST} !^maindomain\.com
7 RewriteRule ^robots\.txt /robots_noindex.txt [L]
0
Comment
Question by:killer455
  • 14
  • 11
  • 3
28 Comments
 
LVL 9

Expert Comment

by:rjkimble
ID: 11692628
You need to have two virtual hosts -- one for the HTTP server (port 80) and one for the HTTPS server (port 443).

I think that line 7 needs to be something like this:

RewriteRule ^robots\.txt /robots_noindex.txt [R,L]

Maybe line 1 should be this:

RewriteCond %{HTTP_HOST} !^www\.maindomain\.com$ [NC]

0
 
LVL 4

Expert Comment

by:TomDavidson
ID: 11693076
What does it say in apache's error_log ?
0
 

Author Comment

by:killer455
ID: 11693820
This is what I am using now, simplified to try to find my problem.

Conetents of .htaccess:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 9

Expert Comment

by:rjkimble
ID: 11694109
I don't think the issue is with your rewrite rules, because I just configured my server with these rules and they worked. I do think your RewriteRule should be tweaked, however:

RewriteRule /(.*) http://www.example.com/$1 [R=301,L]

I think you should check the error log as TomDavidson suggests.
0
 

Author Comment

by:killer455
ID: 11697989
Ok when I get this error this is what I get:

Any ideas?

SSL Request Log:
[02/Aug/2004:16:39:07 -0400] 165.134.117.49 SSLv3 RC4-
MD5 "GET / HTTP/1.1" 630

Not seeing anything in the error log even though it is a 500 internal server error.
Apache/1.3.29 Server at domain.com Port 443
0
 
LVL 9

Expert Comment

by:rjkimble
ID: 11698540
No ideas here. How about posting your virtual host section for that virtual host.
0
 

Author Comment

by:killer455
ID: 11698571
I do not have access to the httpd.conf file.  This is where the virtual host section would be right?
0
 
LVL 9

Expert Comment

by:rjkimble
ID: 11698735
Yes. That does present a problem.
0
 
LVL 4

Expert Comment

by:TomDavidson
ID: 11699517
Could it be that the error_log is somewhere else? Some hosts log each virtualhost's access log separately from the main logs but not the error_log - just a thought as a 500 error should produce a line in the error_log.
0
 

Author Comment

by:killer455
ID: 11699654
Well i have access to the error logs but it seems that it is not logging any HTTPS requests that produce an error.
0
 
LVL 4

Expert Comment

by:TomDavidson
ID: 11701824
see if there is any useful information in ssl_error_log if you have access to it.
0
 

Author Comment

by:killer455
ID: 11704593
Tom,
There is where the problem lies.  I am trying to get my host to enable these error logs.  It seems to be taking them a little bit to do it.  Right now there is only a ssl_request_log that lists what I posted above.
0
 
LVL 9

Expert Comment

by:rjkimble
ID: 11704884
>> There is where the problem lies.

Agreed. I don't think we have enough information to help you with your problem. If you can't see httpd.conf, it makes life a bit tricky.

However, something just occurred to me. If you're configuring mod_rewrite through .htaccess files, then it seems to me that both HTTP and HTTPS requests will be affected the same unless you differentiate somehow. And that means you might consider adding the following directive:

RewriteCond %{SERVER_PORT} ^80$

So your rewrite rules would look like this:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteCond %{SERVER_PORT} ^80$
RewriteRule /(.*) http://www.example.com/$1 [R=301,L]

For HTTPS rewrite rules, you would use 443 for the port instead of 80.
0
 

Author Comment

by:killer455
ID: 11705273
rjkimble,

I have tried that, and doing
RewriteCond %{SERVER_PORT} !^443$

I have also tried simply doing
RewriteCond %{HTTP_HOST} !.example\.com:443$ [NC]

I am waiting on ssl error logs then I will be able to post more info.
0
 

Author Comment

by:killer455
ID: 11708399
Ok finally, here is the ssl_error_log statement:

Here is what I get from the error log.
Keep in mind it works for HTTP request, but not HTTPS.
[Tue Aug 3 14:48:18 2004] [alert] [client 165.134.117.49] /home/username/www/.htaccess: Invalid command 'RewriteEngine',
perhaps mis-spelled or defined by a module not
included in the server configuration
0
 
LVL 9

Accepted Solution

by:
rjkimble earned 200 total points
ID: 11710237
Maybe all you need to do is to wrap your rewrite rules with the <IfModule> tag:

Options +FollowSymLinks
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
  RewriteRule (.*) http://www.example.com/$1 [R=301,L]
</IfModule>
0
 

Author Comment

by:killer455
ID: 11710888
That works except the rewrites do not work for https:// and when I access a https:// document it says the certificate does not match (this only happens when I add what you have above to the .htaccess file)
0
 
LVL 9

Expert Comment

by:rjkimble
ID: 11711170
It appears that you need to discuss this with your hosting provider. What does the certificate say when you make this change? Meaning, what does the certificate say is the name of your server, and what is the name of the server you're attempting to browse to? That's what I would look at and discuss with the hosting provider. It's possible that your provider has configured separate instances of Apache, one for HTTP and one for HTTPS, and that their configurations don't match.
0
 

Author Comment

by:killer455
ID: 11723298
Ok until my host fixes their problems this is what I have.

Questions:
1) Does the subdirectory redirect need to be a R=301? How will search engines handle this?

Options +FollowSymLinks
<IfModule mod_rewrite.c>
  RewriteEngine on

  #redirect a domain to a subdirectory on my server
  RewriteCond %{HTTP_HOST}    ^(ww+\.)?somesubdomain\.com [NC]
  RewriteCond %{REQUEST_URI} !/somesubdomain/
  RewriteRule ^(.*)$ /somesubdomain/$1 [L]

  RewriteCond %{HTTP_HOST} !^www\.maindomain\.com [NC]
  RewriteRule (.*) http://www.maindomain.com/$1 [R=301,L]
</IfModule>
0
 

Author Comment

by:killer455
ID: 11723320
Also is there a way to have a certain subdirectory in my domain to be ONLY accessable via HTTPS?  In other words if any requests to a directory are made from HTTP is redirects to HTTPS?  Please note this is only for a defined directory not the whole domain.

Points increased.
0
 

Author Comment

by:killer455
ID: 11723334
I also want to keep the maindomain.com name in the browser address bar for the subdomain redirect, with the code above, it doesnt.
0
 
LVL 9

Expert Comment

by:rjkimble
ID: 11728288
Can you give some sample input URL's and what you want them rewritten to? That would help me a lot.
0
 

Author Comment

by:killer455
ID: 11728688
0
 
LVL 9

Expert Comment

by:rjkimble
ID: 11729010
Then in the order directory, try something like this:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCondition    %{SERVER_PORT}    !^443$
  RewriteRule    ^/order/(.*)$    https://www.maindomain.com/order/$1    [R,L]
</IfModule>

BTW -- I don't know anything about how search engines handle redirects. That's not my bag. I don't even know the appropriate place to post search engine optimization questions.
0
 

Author Comment

by:killer455
ID: 11729085
I will try that once i get back to my main computer.  Will close this questions tonight and award points.  Thanks.
0
 

Author Comment

by:killer455
ID: 11732123
rjkimble,
It doesnt seem to have any effect.
0
 
LVL 9

Expert Comment

by:rjkimble
ID: 11732605
Here's an interesting comment I just noticed in the documentation:

Note: To enable the rewriting engine for per-directory configuration files you need to set ``RewriteEngine On'' in these files and ``Options FollowSymLinks'' must be enabled. If your administrator has disabled override of FollowSymLinks for a user's directory, then you cannot use the rewriting engine. This restriction is needed for security reasons.
0
 
LVL 9

Expert Comment

by:rjkimble
ID: 11737242
Did you get it to work?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question