Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Have website always be https even if they type in http

Posted on 2006-11-17
17
Medium Priority
?
272 Views
Last Modified: 2010-03-04
My company recently got a CA certificate from verisign.  Now we want to secure our entire website.  I have apache 2.0.49, and https works perfectly

I want to know if there is a way, without going and changing every page/link, to just make everything goto the https:// instead of http://
0
Comment
Question by:revo1059
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 7
  • 2
  • +1
17 Comments
 
LVL 43

Expert Comment

by:ravenpl
ID: 17968462
In Your webroot folder create .htaccess file with following content

RewriteEngine On
ReriteCond %{HTTPS} off
RewriteRule (.*) htps://%{SERVER_NAME}%{REQUEST_URI} [L,R]
0
 
LVL 43

Accepted Solution

by:
ravenpl earned 1200 total points
ID: 17968490
Sorry for typos - my wireless kb fails sometimes - have to replace
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Also note, that it will redirect user externally - user will notice it's redirected. Also if user types
http://web.com and the real server name is www.web.com, it will be redirected to www.web.com - which is SERVER_NAME in our example.

0
 
LVL 1

Author Comment

by:revo1059
ID: 17968535
i tried creating a .htacces and pasted the code you gave me exactly, and it didnt work.  Do i need to do anything else in apache to tell it to read that file?
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 43

Expert Comment

by:ravenpl
ID: 17968604
> Do i need to do anything else in apache to tell it to read that file?
Usually no, mod_rewrite is usually there and allowed. But in fact You need to be allowed to override FileInfo
Refer http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewriteengine http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
You can also try:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17968621
And the filename is .htaccess not .htacces - just to be sure.
0
 
LVL 1

Author Comment

by:revo1059
ID: 17968636
I know, that was a type-o

I am not very familiar with the httpd.conf file, could you be more specific about where i need to put that allow override
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17968678
Find section
<Directory />
add/change: AllowOverride FileInfo
and restart apache.
But I'm nost sure if that's the problem. Have You tried with the '!on' instead of 'off'
0
 
LVL 1

Author Comment

by:revo1059
ID: 17968713
i looked at my config file.  It looks like i need to change a file in /etc/apache2 called default-server.conf

theres a part that starts with </Directory where i found my server root.  I changed that AllowOverride from none to all.  When i did that, I could get to my webpage anymore.  It said internal server error
0
 
LVL 27

Assisted Solution

by:caterham_www
caterham_www earned 400 total points
ID: 17969483
Just put a

Redirect 301 / https://example.com/

into your <virtualhost> for port 80.
0
 
LVL 1

Author Comment

by:revo1059
ID: 17969606
I don't know what file to put that in.  I have SLES 9 and apache2.  Can you tell me where that would be

I searched /etc/apache2/httpd.conf, /etc/http/httpd.conf and couldn't find anything like <virtualhost>
0
 
LVL 13

Expert Comment

by:rhickmott
ID: 17978002
Try placing it in the <directory> part for your document root.
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17978023
revo1059: You can use Redirect but only if DocumentRoot for Ssl and nonSsl virtualhosts differ.
In such case, just create .htaccess in nonSsl web path with the content rhickmott provided.
0
 
LVL 1

Author Comment

by:revo1059
ID: 17978847
when I tried the .htaccess, i got a error 500... internal server error
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17978924
You need to be allow to override FileInfo. Also rewrite requires the very same override.
Refer http://httpd.apache.org/docs/2.0/mod/mod_alias.html#redirect http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
You can verist the real error in apache's error log.
0
 
LVL 1

Author Comment

by:revo1059
ID: 17978952
I did a tail -f on the error_log for apache, and got this:

Invalid command 'RewriteEngine', perhaps mis-spelled or defined by a module not included in the server configuration
0
 
LVL 13

Assisted Solution

by:rhickmott
rhickmott earned 400 total points
ID: 17979206
Look for

LoadModule rewrite_module modules/mod_rewrite.so

and remove any # from the start of it
0
 
LVL 1

Author Comment

by:revo1059
ID: 17979547
I have just been told by my boss that he doesn't want https for the homepage.  I guess I will have to come up with another solution.  Thank you for all your advice.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question