SSL protect on some directories with mod_rewrite

I have a apache website that I need some directories protected by ssl. So I got the certificate etc... Now I have two virtual hosts, one that is the unsecure and one that is the secure. There are only a few directories that I need secured by ssl.

for example:
http://www.some.domain.name.com/distance/register/
http://www.some.domain.name.com/registrar/request/

So to get those directories secured I put this mod_rewrite code into the unsecure httpd.conf file.


<Directory /var/www/www/distance >
                        RewriteEngine On
                        RewriteBase /
                        RewriteCond %{REQUEST_FILENAME} -f [OR]
                        RewriteCond %{REQUEST_FILENAME} -d
                        RewriteRule ^register/(.*) https://www.some.domain.com/distance/register/$1 [C]
        </Directory>

        <Directory /var/www/www/registrar >
                        RewriteEngine On
                        RewriteBase /
                        RewriteCond %{REQUEST_FILENAME} -f [OR]
                        RewriteCond %{REQUEST_FILENAME} -d
                        RewriteRule ^request/(.*) https://www.some.domain.com/registrar/request/$1 [C]
     </Directory>


This works great.

The problem is that once people have viewed those pages that are in those secure directories the rest of the pages they view on the site are on the secure site. I would like to have a rewriterule in the secure virtual host to check if they are not in one of those directories and redirect them back to the unsecure site.

I've been banging my head trying to get this and I can't figure it out. (I'm new to regular expressions and mod_rewrite). I keep getting redirected back and forth until the browser tells me "Too many redirects." or some such error.

Here's what I have so far for the secure virtual host, but again, it doesn't seem to work.

RewriteEngine On
RewriteRule !^register(.*) - [C]
RewriteRule ^/(.*) http://www.some.domain.com/$1 [L]
RewriteRule !^registrar/request/(.*) - [C]
RewriteRule ^/(.*) http://www.some.domain.com/$1 [L]


Could someone tell me what I'm doing wrong?

Do I need to put the secure rewrite rules in a <Directory> structure.

Thank you.
umfkitAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sleep_furiouslyCommented:
In general, if you don't know what mod_rewrite is doing or why it is doing it, detailed logging can help.  (But be sure to enable this only temporarily for debugging; it logs a lot at higher levels.)

  RewriteLog logs/rewrite.log
  RewriteLogLevel 9

In this particular case, I suspect what is happening is that your SSL vhost does not have any Directory sections, so the rules that you have set up there still apply for those directory paths on the SSL vhost.

You might try putting in your SSL virtual host:

   <Directory /var/www/www/distance >
   </Directory>

   <Directory /var/www/www/registrar >
   </Directory>

to override the server-wide settings.  Or even:

   <Directory /var/www/www/distance >
      RewriteEngine Off
   </Directory>

   <Directory /var/www/www/registrar >
      RewriteEngine Off
   </Directory>

In general, RewriteRule set in the main server config are not inherited by virtual hosts (unless RewriteOption inherit is set).  For <Directory> sections, the "inherit" option controls whether or not settings are inherited from a parent directory.  In the case you have given, I am unsure about the interaction between the vhost inheriting the whole <Directory> section and the general rule that RewriteRule is not inherited by virtual hosts from the main config.  In your case, I suspect the virtual host has inherited the <Directory> sections from the main server config.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.