Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1902
  • Last Modified:

Need Apache redirect/rewrite http to https (on IIS)

We're running Apache2 on port 80 and IIS on port 443 (https). We want to redirect http://secure.ourdomain.com requests (Apache) to https://secure.ourdomain.com (IIS). I've tried redirect and various rewrite commands and can't get anything to work. I'm writing to a rewrite log at level 4, and the log was created, but nothing is written to the log.

Here is what I have now in httpd.conf:

NameVirtualHost secure.mydomain.org
<VirtualHost secure.mydomain.org>
<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{SERVER_PORT}      !^443$
        RewriteRule ^(.*)$      https://%{SERVER_NAME}$1 [L,R=303]
RewriteLog "/www/Apache2/logs/rewrite.log"
RewriteLogLevel 4

Any  ideas?

  • 3
  • 2
  • 2
  • +2
1 Solution
Sam PanwarSr. Server AdministratorCommented:

just use a RedirectMatch wherever your HTTP is defined (global or a
specific virtual host):

RedirectMatch .* https://www.anotherserver.com$1

As long as you want to redirect all requests you shouldn't have to care
about whether it matches path or complete URL.  If you want more control
later check out mod_rewrite.
in your question your ask about
but in your httpd.conf it is
  <VirtualHost secure.mydomain.org>

is that correct?
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

judyhzAuthor Commented:
The domain names are consistently named in the httpd.conf file and in the IIS --sorry for the confusion, I was using the mydomain as an example only.
judyhzAuthor Commented:
Update--I did try

RedirectMatch .* https://www.anotherserver.com$1

All the documentation I've seen says that should work but it didn't for me.

I've also tried adding a second IP to the server, and can see both IPs in ipconfig. I used listen xxx.xxx.xxx (second IP) in the httpd.conf file but can't restart Apache with this in the httpd.conf. I can use listen with the second IP with a non-80 port, restart Apache and access the server through that non-80 port.  In IIS I am binding the secure.mydomain.com to the first IP. According to the docs I've read, this all should work...unfortunately, not for me.

Am I leaving out a step with adding the second IP to the server 2000 machine?
> .. that should work but it didn't for me.
could you please explain what you did (URL), what you get/see, what does not work, and what you see in your apache's error_log and access_log
judyhzAuthor Commented:
Fixed the problem myself--now have Apache port 80 and IIS ports 80 + 443 on the same box:

Socket pooling is enabled on IIS 5, by default, but it can be disabled
to allow other HTTP-enabled third-party software to run side-by-side
with IIS, each responding to requests sent to different IP addresses.
There are two ways to do disable socket pooling in IIS 5. First, you can
edit the metabase by using the MetaEdit utility [Hack #54]. By default,
the setting for socket pooling is defined in the metabase schema, but
you can use MetaEdit to create a new metabase key called
DisableSocketPooling in the location /LM/W3SVC and assign it the value
of true (1). In other words, the default value for DisableSocketPooling
in the schema is false (0), which means it is false to say socket
pooling is enabled.
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Redirect match is just part of it, you also need to force SSL.  Check out http:Q_21836877.html for the how-to.

Closed, 250 points refunded.

Community Support Moderator

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now