Solved

using htaccess to fake https

Posted on 2010-09-14
14
581 Views
Last Modified: 2012-05-10
Hello,

i am trying to test a website on my server, I do not have an SSL certificate. If the test is successful it will move to a different server, so no need to buy SSL for me. I need to do a 30 minute test.

Some pages on this website are looking for https and I am getting 404 errors and others are looking for http, what I was hoping to do with the htaccess file was that if https is requested, then rewrite and deliver, if http is requested, then deliver that instead,

what i came up with so far is (it doesn't work)...




Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^/(.*):SSL$   https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]

Open in new window

0
Comment
Question by:jblayney
  • 6
  • 5
  • 3
14 Comments
 
LVL 10

Expert Comment

by:laneduncan
ID: 33675351
Seems like a better option would be just to create a self-signed SSL certificate.  That'd give you a better test, wouldn't it?  And it doesn't cost anything.

Here's a run-through on creating a wildcard certificate:

http://lanestechblog.blogspot.com/2008/03/creating-self-signed-wildcard-ssl_13.html
0
 
LVL 1

Author Comment

by:jblayney
ID: 33675437
Hello laneduncan,

thanks for the info, i read through the link you sent and it looks like it requires me to be a server administrator, which I am not. I am a web developer and don't have that kind of access to the server.
0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33675561
Aha.  That makes more sense.  Still, a web server does have a default (self-signed) certificate.  

But there are a lot of setups where that wouldn't be configured correctly.  You being able to do this will depend on some settings on the server side (in the httpd.conf file; specifically, the "allowOverride" setting); if that's enabled, something like this ought to do it:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTPS} =on
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R,L]

0
 
LVL 1

Author Comment

by:jblayney
ID: 33675827
Hello again,

i do not have access to the httpd.conf file, I can do URl rewriting with the htaccess file though, so i am assuming it is set properly (correct me if I am wrong on that)

that being said, the code is not solving my problem. I am still getting 404 errors when I try certain pages which i can see are being redirected to https
0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33675890
That's good (that you can override; not that it's not working!).  
What, exactly, are you seeing?  Are the URLs getting redirected correctly, but the server isn't able to find that file?  That is:  what's the address and protocol in the address line on the browser when you get the 404 error?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33676027
The reason you can't do what you want is that SSL/https negotiation is done Before any files are served.  Which means before the '.htaccess' file is read and processed.
0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33676041
True, But you wouldn't be getting a 404 error if SSL isn't configured correctly.  That's the puzzle to me.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 1

Author Comment

by:jblayney
ID: 33676058
the error i get is

Not Found

The requested URL /earth-line/posecom/login.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


I also added with no luck...
RewriteBase /earth-line/posecom/





0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33676079
What's the actual address (including the protocol http/s) on the address line in the browser?
0
 
LVL 1

Author Comment

by:jblayney
ID: 33676113
http://www.darkstarmedia.net/earth-line/posecom/

this is my testing server, the links that mess up are sign in or create an account, i don't really like posting my server online though, will i be able to delete this after?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33676259
There is a certificate for *.korax.net which is probably the hosting provider's server.
0
 
LVL 1

Author Comment

by:jblayney
ID: 33676531
Hello Dave,

I called the web host and inquired, I do not have access to that.
0
 
LVL 10

Accepted Solution

by:
laneduncan earned 500 total points
ID: 33676555
DaveBaldwin is correct:  SSL is working on this server, but you're right, in that it doesn't look like this virtual host is set up to support it. (https://www.server.net [not wanting to compound your server disclosure prob] doesn't work.)

So.  You've got some redirects, it would appear, in your code:

http://www.server.net/earth-line/posecom/login.php
redirects immediately to:
https://www.server.net/earth-line/posecom/login.php

Which accounts for the 404, since there isn't a virtual host that's listening on port 443 with that host header.
So it looks like the problem is going to be on the server side, rather than on the scripting side; they've got to enable SSL on that virtual server.

But if you were to get redirects to work, they wouldn't work, because your code would redirect back to https again.  And then the server would redirect to http...

Do you have a line to the server admins?  I think that's the easiest option in front of you, honestly; it'd be trivial to enable SSL on this virtualhost.  Another option would be to throw together a local apache environment and test it locally.  That's not a lot of fun, but it'd give you control, anyway...
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33677020
When I have needed to test pages that use "https" on the live servers, I put a line in the php that selects 'http' if it's on my local servers or 'https' otherwise.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Convert curl speed_dwonload to Mbps 29 94
DNS, website, godaddy 6 71
apply ddos protection on all network interface 2 86
More Than One Website On Same DMZ Server 3 47
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now