Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ssl redirection is not working- mod_rewrite...........

Posted on 2010-08-28
11
Medium Priority
?
415 Views
Last Modified: 2012-05-10
Hi,

I want to redirect https://xyz.com to https://www.xyz.com, but somehow its not working.
we are using mod_rewrite module with apache.

Could you please direct us how to do it..........


Also its seems to be some ssl header limitation. Could you demonstrate the data flow difference between https and http



Regards.
0
Comment
Question by:pradeep_bansal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
11 Comments
 
LVL 7

Expert Comment

by:mcuk_storm
ID: 33548878
An example of how to achieve this would be:

        RewriteEngine on
        RewriteCond %{SSL} !^off$
        RewriteRule ^(.*)$      https://%{HTTP_HOST}$1
0
 

Author Comment

by:pradeep_bansal
ID: 33548938
Its working fine with http to https......
but its not working with https to https redirection......


I have done everything similar to above reply but didnt yeild anything positive.
0
 
LVL 7

Expert Comment

by:mcuk_storm
ID: 33548963
The rewrite rule for the xyz.com to www.xyz.com would be something like this:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$      https://www.%{HTTP_HOST}$1 [L]

It does work ( i have tested it on a live setup ) but please ensure that these rewrite rules are in the site configuration for the SSL site not the site running on port 80.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:pradeep_bansal
ID: 33548980
Well we are using more than one ports in apache server.


Is there any way from which this rule only confines upto 443 port.(i.e can we use AND loop in RewriteCondition--- (443)&&(!^www\.))



Please suggest..........
0
 
LVL 7

Expert Comment

by:mcuk_storm
ID: 33549069
You can add another RewriteCond so
RewriteEngine on
RewriteCond %{HTTPS} !^off$
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$      https://www.%{HTTP_HOST}$1 [L]

This will redirect to the www. version if they are using https and aren't going to the www. version.

I think i may have just worked out what you are trying to achieve, if your certificate isn't valid for the non www. version they will still get the warning message and have to accept it before this redirect will work to direct the to the domain for which the cert if valid.
0
 

Author Comment

by:pradeep_bansal
ID: 33565175
This is also giving me same result:        NO REDIRECTION


It works fine for url with http but not with https.................
0
 

Author Comment

by:pradeep_bansal
ID: 33575986
When the https header request flows then firstly it forward to CA url............ so if CA find exact url then simply throws error of bad certificate...................so rewrite process which should be taken place after ssl authentication remain unhit..........
0
 

Author Comment

by:pradeep_bansal
ID: 33576416
And after accepting "This Connection is Untrusted" message, the redirection rule is working perfectly.



But I require this before all that.........................
0
 

Author Comment

by:pradeep_bansal
ID: 33585215
Just clearing my post:


we have bought certificate for https://www.xyz.com and not for https://xyz.com.


So, we want https://xyz.com request to redirect  on https://www.xyz.com..............
but on hitting https://xyz.com, apache takes us to the message(ssl untrusted). which we want to bypass..
0
 
LVL 15

Expert Comment

by:samri
ID: 33585319
Hi pradeep,

I am not sure if this is possible at all.  Apologies for my naiveness.

If we were to look at the situation, client type in https://xyz.com/ and hit your apache, then during ssl handshake, the Browser (and not Apache) that is complaining about the certificate name mistmatch.  Note that the certificate common name is www.xyz.com, but the request is going to xyz.com.

excellent info here:
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame2.doc_5.1/ss7aumst18.htm

just my 1 cents.
0
 

Accepted Solution

by:
pradeep_bansal earned 0 total points
ID: 33680953
Yes this can not be acheived as the ssl request firstly goes to CA site.
The only way is to use wild card certificate for whole domain.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses
Course of the Month11 days, 13 hours left to enroll

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question