Solved

mod rewrite htaccess and https (SSL)

Posted on 2004-08-01
28
9,777 Views
Last Modified: 2010-03-04
Below is what I have so far.
Here is the problem:
I also noticed that if I use the htaccess file below and I try to access something like
https://www.maindomain.com/directory/index.php
I get an internal server error.
NOTE -  that the above URL is to a secure server (SSL) is there a condition I need to put in there so it knows what to do with the HTTPS?

RewriteEngine on
0 #Take anything other than main domain, and direct it to maindomain.com
1 RewriteCond %{HTTP_HOST} !^www.maindomain.com$ [NC]
2 RewriteCond %{REQUEST_URI} !^/robots\.txt$
3 RewriteRule (.*) http://www.maindomain.com/$1 [R=301]
4
5 #If robots.txt is requested from anything other than maindomain send new txt file.
6 RewriteCond %{HTTP_HOST} !^maindomain\.com
7 RewriteRule ^robots\.txt /robots_noindex.txt [L]
0
Comment
Question by:killer455
  • 14
  • 11
  • 3
28 Comments
 
LVL 9

Expert Comment

by:rjkimble
Comment Utility
You need to have two virtual hosts -- one for the HTTP server (port 80) and one for the HTTPS server (port 443).

I think that line 7 needs to be something like this:

RewriteRule ^robots\.txt /robots_noindex.txt [R,L]

Maybe line 1 should be this:

RewriteCond %{HTTP_HOST} !^www\.maindomain\.com$ [NC]

0
 
LVL 4

Expert Comment

by:TomDavidson
Comment Utility
What does it say in apache's error_log ?
0
 

Author Comment

by:killer455
Comment Utility
This is what I am using now, simplified to try to find my problem.

Conetents of .htaccess:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
0
 
LVL 9

Expert Comment

by:rjkimble
Comment Utility
I don't think the issue is with your rewrite rules, because I just configured my server with these rules and they worked. I do think your RewriteRule should be tweaked, however:

RewriteRule /(.*) http://www.example.com/$1 [R=301,L]

I think you should check the error log as TomDavidson suggests.
0
 

Author Comment

by:killer455
Comment Utility
Ok when I get this error this is what I get:

Any ideas?

SSL Request Log:
[02/Aug/2004:16:39:07 -0400] 165.134.117.49 SSLv3 RC4-
MD5 "GET / HTTP/1.1" 630

Not seeing anything in the error log even though it is a 500 internal server error.
Apache/1.3.29 Server at domain.com Port 443
0
 
LVL 9

Expert Comment

by:rjkimble
Comment Utility
No ideas here. How about posting your virtual host section for that virtual host.
0
 

Author Comment

by:killer455
Comment Utility
I do not have access to the httpd.conf file.  This is where the virtual host section would be right?
0
 
LVL 9

Expert Comment

by:rjkimble
Comment Utility
Yes. That does present a problem.
0
 
LVL 4

Expert Comment

by:TomDavidson
Comment Utility
Could it be that the error_log is somewhere else? Some hosts log each virtualhost's access log separately from the main logs but not the error_log - just a thought as a 500 error should produce a line in the error_log.
0
 

Author Comment

by:killer455
Comment Utility
Well i have access to the error logs but it seems that it is not logging any HTTPS requests that produce an error.
0
 
LVL 4

Expert Comment

by:TomDavidson
Comment Utility
see if there is any useful information in ssl_error_log if you have access to it.
0
 

Author Comment

by:killer455
Comment Utility
Tom,
There is where the problem lies.  I am trying to get my host to enable these error logs.  It seems to be taking them a little bit to do it.  Right now there is only a ssl_request_log that lists what I posted above.
0
 
LVL 9

Expert Comment

by:rjkimble
Comment Utility
>> There is where the problem lies.

Agreed. I don't think we have enough information to help you with your problem. If you can't see httpd.conf, it makes life a bit tricky.

However, something just occurred to me. If you're configuring mod_rewrite through .htaccess files, then it seems to me that both HTTP and HTTPS requests will be affected the same unless you differentiate somehow. And that means you might consider adding the following directive:

RewriteCond %{SERVER_PORT} ^80$

So your rewrite rules would look like this:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteCond %{SERVER_PORT} ^80$
RewriteRule /(.*) http://www.example.com/$1 [R=301,L]

For HTTPS rewrite rules, you would use 443 for the port instead of 80.
0
 

Author Comment

by:killer455
Comment Utility
rjkimble,

I have tried that, and doing
RewriteCond %{SERVER_PORT} !^443$

I have also tried simply doing
RewriteCond %{HTTP_HOST} !.example\.com:443$ [NC]

I am waiting on ssl error logs then I will be able to post more info.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:killer455
Comment Utility
Ok finally, here is the ssl_error_log statement:

Here is what I get from the error log.
Keep in mind it works for HTTP request, but not HTTPS.
[Tue Aug 3 14:48:18 2004] [alert] [client 165.134.117.49] /home/username/www/.htaccess: Invalid command 'RewriteEngine',
perhaps mis-spelled or defined by a module not
included in the server configuration
0
 
LVL 9

Accepted Solution

by:
rjkimble earned 200 total points
Comment Utility
Maybe all you need to do is to wrap your rewrite rules with the <IfModule> tag:

Options +FollowSymLinks
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
  RewriteRule (.*) http://www.example.com/$1 [R=301,L]
</IfModule>
0
 

Author Comment

by:killer455
Comment Utility
That works except the rewrites do not work for https:// and when I access a https:// document it says the certificate does not match (this only happens when I add what you have above to the .htaccess file)
0
 
LVL 9

Expert Comment

by:rjkimble
Comment Utility
It appears that you need to discuss this with your hosting provider. What does the certificate say when you make this change? Meaning, what does the certificate say is the name of your server, and what is the name of the server you're attempting to browse to? That's what I would look at and discuss with the hosting provider. It's possible that your provider has configured separate instances of Apache, one for HTTP and one for HTTPS, and that their configurations don't match.
0
 

Author Comment

by:killer455
Comment Utility
Ok until my host fixes their problems this is what I have.

Questions:
1) Does the subdirectory redirect need to be a R=301? How will search engines handle this?

Options +FollowSymLinks
<IfModule mod_rewrite.c>
  RewriteEngine on

  #redirect a domain to a subdirectory on my server
  RewriteCond %{HTTP_HOST}    ^(ww+\.)?somesubdomain\.com [NC]
  RewriteCond %{REQUEST_URI} !/somesubdomain/
  RewriteRule ^(.*)$ /somesubdomain/$1 [L]

  RewriteCond %{HTTP_HOST} !^www\.maindomain\.com [NC]
  RewriteRule (.*) http://www.maindomain.com/$1 [R=301,L]
</IfModule>
0
 

Author Comment

by:killer455
Comment Utility
Also is there a way to have a certain subdirectory in my domain to be ONLY accessable via HTTPS?  In other words if any requests to a directory are made from HTTP is redirects to HTTPS?  Please note this is only for a defined directory not the whole domain.

Points increased.
0
 

Author Comment

by:killer455
Comment Utility
I also want to keep the maindomain.com name in the browser address bar for the subdomain redirect, with the code above, it doesnt.
0
 
LVL 9

Expert Comment

by:rjkimble
Comment Utility
Can you give some sample input URL's and what you want them rewritten to? That would help me a lot.
0
 

Author Comment

by:killer455
Comment Utility
0
 
LVL 9

Expert Comment

by:rjkimble
Comment Utility
Then in the order directory, try something like this:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCondition    %{SERVER_PORT}    !^443$
  RewriteRule    ^/order/(.*)$    https://www.maindomain.com/order/$1    [R,L]
</IfModule>

BTW -- I don't know anything about how search engines handle redirects. That's not my bag. I don't even know the appropriate place to post search engine optimization questions.
0
 

Author Comment

by:killer455
Comment Utility
I will try that once i get back to my main computer.  Will close this questions tonight and award points.  Thanks.
0
 

Author Comment

by:killer455
Comment Utility
rjkimble,
It doesnt seem to have any effect.
0
 
LVL 9

Expert Comment

by:rjkimble
Comment Utility
Here's an interesting comment I just noticed in the documentation:

Note: To enable the rewriting engine for per-directory configuration files you need to set ``RewriteEngine On'' in these files and ``Options FollowSymLinks'' must be enabled. If your administrator has disabled override of FollowSymLinks for a user's directory, then you cannot use the rewriting engine. This restriction is needed for security reasons.
0
 
LVL 9

Expert Comment

by:rjkimble
Comment Utility
Did you get it to work?
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now