We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

IBM/Apache HTTP Server Rewrite rule

Medium Priority
1,867 Views
Last Modified: 2013-11-21
Dear All,

I have question regarding IBM/Apache HTTP Server URL Rewriting, I appreciate it if anyone could explain the difference of enclosed two URL rewrite rule and effect of the entry "RewriteCond %{HTTP:DECRYPTED} True", as I seem to could not find any information related to HTTP:DECRYPTED in the internet.

Regards,
Clark
1) Rule 1
RewriteCond %{HTTP:DECRYPTED} True
RewriteCond %{HTTP_HOST} ^myhost.com$  [NC]
RewriteRule ^(.*)$ https://www.myhost.com/xxx [L,R]
==========================================================================
2) Rule 2
RewriteCond %{HTTP_HOST} ^myhost.com$  [NC]
RewriteRule ^(.*)$ https://www.myhost.com/xxx [L,R]

Open in new window

Comment
Watch Question

Top Expert 2008
Commented:
HTTP:foo is for HTTP request headers. I haven't seen a client which sends such a request header "DECRYPTED" to the server yet and can't find it in the relevant rfcs to be some sort of standard.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Top Expert 2014

Commented:
Are you using the IBM HTTP sever to front end WebSphere?  I vaguely remember see the HTTP header DECRYPTED some place, but I can't seem to remember where.

Author

Commented:
giltjr,

YES, I am using IBM HTTP server to front end WebSphere.

Regards,
Clark
CERTIFIED EXPERT
Top Expert 2014
Commented:
O.K. to answer the real question:

Rule1: If Apache receives a request that has the HTTP header DECRYPTED in it, and the request is an HTTP request with host name is myhost.com, Apache will re-write the url so that it is an HTTPS request instead of HTTP.

Rule2: Seem to be the same as Rule 1, execpt that it does not check for the HTTP header DECRYPTED.

To tell the truth I don't see where Rule 1 is needed as Rule 2 should catch everything rule 1 catches also.

Now, do you have something in front of the IHS server?  It looks like this is an attempt to have all traffic be https instead of http for a specific host.

I am not sure what HTTP header it is, but I know that if you do NOT use https between IHS and WebSphere that WebSphere needs to see a specific HTTP header to know that the original request was https and not http.  This is so that when WebSphere creates the web page it knows to use https instead of http for all hrefs and redirects.

Author

Commented:
giltijr,

I have a load balancer in front of IHS servers.

Regards,
Clark
CERTIFIED EXPERT
Top Expert 2014
Commented:
Which one?  

My guess is that it (the load balancer) either was, or still is, configured to have https connections terminate in it and that it was inserting the http header DECRYPTED so that WebSphere would know that this connection request was/is https.  That way WebSphere knows when it needs to build a page that it must use "https" instead of "http" for arefs and other things.

I don't know if it is a WebSphere option or it was something we were doing, but we had one application where no matter what you typed it (http or https) the login page was forced to be https.  The only way WebSphere knew this was either the ssl connection went all the way to WebSphere or there was a special http header that told WebSphere that this connection really was https.



Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.