Solved

using htaccess to fake https

Posted on 2010-09-14
14
613 Views
Last Modified: 2012-05-10
Hello,

i am trying to test a website on my server, I do not have an SSL certificate. If the test is successful it will move to a different server, so no need to buy SSL for me. I need to do a 30 minute test.

Some pages on this website are looking for https and I am getting 404 errors and others are looking for http, what I was hoping to do with the htaccess file was that if https is requested, then rewrite and deliver, if http is requested, then deliver that instead,

what i came up with so far is (it doesn't work)...




Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^/(.*):SSL$   https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]

Open in new window

0
Comment
Question by:jblayney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 3
14 Comments
 
LVL 10

Expert Comment

by:laneduncan
ID: 33675351
Seems like a better option would be just to create a self-signed SSL certificate.  That'd give you a better test, wouldn't it?  And it doesn't cost anything.

Here's a run-through on creating a wildcard certificate:

http://lanestechblog.blogspot.com/2008/03/creating-self-signed-wildcard-ssl_13.html
0
 
LVL 1

Author Comment

by:jblayney
ID: 33675437
Hello laneduncan,

thanks for the info, i read through the link you sent and it looks like it requires me to be a server administrator, which I am not. I am a web developer and don't have that kind of access to the server.
0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33675561
Aha.  That makes more sense.  Still, a web server does have a default (self-signed) certificate.  

But there are a lot of setups where that wouldn't be configured correctly.  You being able to do this will depend on some settings on the server side (in the httpd.conf file; specifically, the "allowOverride" setting); if that's enabled, something like this ought to do it:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTPS} =on
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R,L]

0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 1

Author Comment

by:jblayney
ID: 33675827
Hello again,

i do not have access to the httpd.conf file, I can do URl rewriting with the htaccess file though, so i am assuming it is set properly (correct me if I am wrong on that)

that being said, the code is not solving my problem. I am still getting 404 errors when I try certain pages which i can see are being redirected to https
0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33675890
That's good (that you can override; not that it's not working!).  
What, exactly, are you seeing?  Are the URLs getting redirected correctly, but the server isn't able to find that file?  That is:  what's the address and protocol in the address line on the browser when you get the 404 error?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33676027
The reason you can't do what you want is that SSL/https negotiation is done Before any files are served.  Which means before the '.htaccess' file is read and processed.
0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33676041
True, But you wouldn't be getting a 404 error if SSL isn't configured correctly.  That's the puzzle to me.
0
 
LVL 1

Author Comment

by:jblayney
ID: 33676058
the error i get is

Not Found

The requested URL /earth-line/posecom/login.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


I also added with no luck...
RewriteBase /earth-line/posecom/





0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33676079
What's the actual address (including the protocol http/s) on the address line in the browser?
0
 
LVL 1

Author Comment

by:jblayney
ID: 33676113
http://www.darkstarmedia.net/earth-line/posecom/

this is my testing server, the links that mess up are sign in or create an account, i don't really like posting my server online though, will i be able to delete this after?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33676259
There is a certificate for *.korax.net which is probably the hosting provider's server.
0
 
LVL 1

Author Comment

by:jblayney
ID: 33676531
Hello Dave,

I called the web host and inquired, I do not have access to that.
0
 
LVL 10

Accepted Solution

by:
laneduncan earned 500 total points
ID: 33676555
DaveBaldwin is correct:  SSL is working on this server, but you're right, in that it doesn't look like this virtual host is set up to support it. (https://www.server.net [not wanting to compound your server disclosure prob] doesn't work.)

So.  You've got some redirects, it would appear, in your code:

http://www.server.net/earth-line/posecom/login.php
redirects immediately to:
https://www.server.net/earth-line/posecom/login.php

Which accounts for the 404, since there isn't a virtual host that's listening on port 443 with that host header.
So it looks like the problem is going to be on the server side, rather than on the scripting side; they've got to enable SSL on that virtual server.

But if you were to get redirects to work, they wouldn't work, because your code would redirect back to https again.  And then the server would redirect to http...

Do you have a line to the server admins?  I think that's the easiest option in front of you, honestly; it'd be trivial to enable SSL on this virtualhost.  Another option would be to throw together a local apache environment and test it locally.  That's not a lot of fun, but it'd give you control, anyway...
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33677020
When I have needed to test pages that use "https" on the live servers, I put a line in the php that selects 'http' if it's on my local servers or 'https' otherwise.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question