• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1693
  • Last Modified:

IBM/Apache HTTP Server Rewrite rule

Dear All,

I have question regarding IBM/Apache HTTP Server URL Rewriting, I appreciate it if anyone could explain the difference of enclosed two URL rewrite rule and effect of the entry "RewriteCond %{HTTP:DECRYPTED} True", as I seem to could not find any information related to HTTP:DECRYPTED in the internet.

Regards,
Clark
1) Rule 1
RewriteCond %{HTTP:DECRYPTED} True
RewriteCond %{HTTP_HOST} ^myhost.com$  [NC]
RewriteRule ^(.*)$ https://www.myhost.com/xxx [L,R]
==========================================================================
2) Rule 2
RewriteCond %{HTTP_HOST} ^myhost.com$  [NC]
RewriteRule ^(.*)$ https://www.myhost.com/xxx [L,R]

Open in new window

0
poisonbox
Asked:
poisonbox
  • 3
  • 2
3 Solutions
 
caterham_wwwCommented:
HTTP:foo is for HTTP request headers. I haven't seen a client which sends such a request header "DECRYPTED" to the server yet and can't find it in the relevant rfcs to be some sort of standard.
0
 
giltjrCommented:
Are you using the IBM HTTP sever to front end WebSphere?  I vaguely remember see the HTTP header DECRYPTED some place, but I can't seem to remember where.
0
 
poisonboxAuthor Commented:
giltjr,

YES, I am using IBM HTTP server to front end WebSphere.

Regards,
Clark
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
giltjrCommented:
O.K. to answer the real question:

Rule1: If Apache receives a request that has the HTTP header DECRYPTED in it, and the request is an HTTP request with host name is myhost.com, Apache will re-write the url so that it is an HTTPS request instead of HTTP.

Rule2: Seem to be the same as Rule 1, execpt that it does not check for the HTTP header DECRYPTED.

To tell the truth I don't see where Rule 1 is needed as Rule 2 should catch everything rule 1 catches also.

Now, do you have something in front of the IHS server?  It looks like this is an attempt to have all traffic be https instead of http for a specific host.

I am not sure what HTTP header it is, but I know that if you do NOT use https between IHS and WebSphere that WebSphere needs to see a specific HTTP header to know that the original request was https and not http.  This is so that when WebSphere creates the web page it knows to use https instead of http for all hrefs and redirects.

0
 
poisonboxAuthor Commented:
giltijr,

I have a load balancer in front of IHS servers.

Regards,
Clark
0
 
giltjrCommented:
Which one?  

My guess is that it (the load balancer) either was, or still is, configured to have https connections terminate in it and that it was inserting the http header DECRYPTED so that WebSphere would know that this connection request was/is https.  That way WebSphere knows when it needs to build a page that it must use "https" instead of "http" for arefs and other things.

I don't know if it is a WebSphere option or it was something we were doing, but we had one application where no matter what you typed it (http or https) the login page was forced to be https.  The only way WebSphere knew this was either the ssl connection went all the way to WebSphere or there was a special http header that told WebSphere that this connection really was https.



0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now