Solved

using htaccess to fake https

Posted on 2010-09-14
14
605 Views
Last Modified: 2012-05-10
Hello,

i am trying to test a website on my server, I do not have an SSL certificate. If the test is successful it will move to a different server, so no need to buy SSL for me. I need to do a 30 minute test.

Some pages on this website are looking for https and I am getting 404 errors and others are looking for http, what I was hoping to do with the htaccess file was that if https is requested, then rewrite and deliver, if http is requested, then deliver that instead,

what i came up with so far is (it doesn't work)...




Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^/(.*):SSL$   https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]

Open in new window

0
Comment
Question by:jblayney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 3
14 Comments
 
LVL 10

Expert Comment

by:laneduncan
ID: 33675351
Seems like a better option would be just to create a self-signed SSL certificate.  That'd give you a better test, wouldn't it?  And it doesn't cost anything.

Here's a run-through on creating a wildcard certificate:

http://lanestechblog.blogspot.com/2008/03/creating-self-signed-wildcard-ssl_13.html
0
 
LVL 1

Author Comment

by:jblayney
ID: 33675437
Hello laneduncan,

thanks for the info, i read through the link you sent and it looks like it requires me to be a server administrator, which I am not. I am a web developer and don't have that kind of access to the server.
0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33675561
Aha.  That makes more sense.  Still, a web server does have a default (self-signed) certificate.  

But there are a lot of setups where that wouldn't be configured correctly.  You being able to do this will depend on some settings on the server side (in the httpd.conf file; specifically, the "allowOverride" setting); if that's enabled, something like this ought to do it:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTPS} =on
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R,L]

0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 1

Author Comment

by:jblayney
ID: 33675827
Hello again,

i do not have access to the httpd.conf file, I can do URl rewriting with the htaccess file though, so i am assuming it is set properly (correct me if I am wrong on that)

that being said, the code is not solving my problem. I am still getting 404 errors when I try certain pages which i can see are being redirected to https
0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33675890
That's good (that you can override; not that it's not working!).  
What, exactly, are you seeing?  Are the URLs getting redirected correctly, but the server isn't able to find that file?  That is:  what's the address and protocol in the address line on the browser when you get the 404 error?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33676027
The reason you can't do what you want is that SSL/https negotiation is done Before any files are served.  Which means before the '.htaccess' file is read and processed.
0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33676041
True, But you wouldn't be getting a 404 error if SSL isn't configured correctly.  That's the puzzle to me.
0
 
LVL 1

Author Comment

by:jblayney
ID: 33676058
the error i get is

Not Found

The requested URL /earth-line/posecom/login.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


I also added with no luck...
RewriteBase /earth-line/posecom/





0
 
LVL 10

Expert Comment

by:laneduncan
ID: 33676079
What's the actual address (including the protocol http/s) on the address line in the browser?
0
 
LVL 1

Author Comment

by:jblayney
ID: 33676113
http://www.darkstarmedia.net/earth-line/posecom/

this is my testing server, the links that mess up are sign in or create an account, i don't really like posting my server online though, will i be able to delete this after?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33676259
There is a certificate for *.korax.net which is probably the hosting provider's server.
0
 
LVL 1

Author Comment

by:jblayney
ID: 33676531
Hello Dave,

I called the web host and inquired, I do not have access to that.
0
 
LVL 10

Accepted Solution

by:
laneduncan earned 500 total points
ID: 33676555
DaveBaldwin is correct:  SSL is working on this server, but you're right, in that it doesn't look like this virtual host is set up to support it. (https://www.server.net [not wanting to compound your server disclosure prob] doesn't work.)

So.  You've got some redirects, it would appear, in your code:

http://www.server.net/earth-line/posecom/login.php
redirects immediately to:
https://www.server.net/earth-line/posecom/login.php

Which accounts for the 404, since there isn't a virtual host that's listening on port 443 with that host header.
So it looks like the problem is going to be on the server side, rather than on the scripting side; they've got to enable SSL on that virtual server.

But if you were to get redirects to work, they wouldn't work, because your code would redirect back to https again.  And then the server would redirect to http...

Do you have a line to the server admins?  I think that's the easiest option in front of you, honestly; it'd be trivial to enable SSL on this virtualhost.  Another option would be to throw together a local apache environment and test it locally.  That's not a lot of fun, but it'd give you control, anyway...
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 33677020
When I have needed to test pages that use "https" on the live servers, I put a line in the php that selects 'http' if it's on my local servers or 'https' otherwise.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
spamming  on Hosted svrs? 6 109
System Analysis 5 70
Codiing Non-Existent Links 4 131
IIS Server infected with Ransomware - Postmortem investigation 12 433
A Change in PHP Behavior with Session Write Short Circuit (http://php.net/manual/en/book.session.php#116217) (Winter 2014)** With the release of PHP 5.6 the session handler changed in a way that many think should be considered a bug.  See the note …
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question