Solved

apache mod_rewrite causes form to be a 302 redirect on SSL based Website

Posted on 2013-01-15
3
833 Views
Last Modified: 2013-01-16
Hello Experts,

I have a website which is using SSL to encrypt all the browsing. For a reason I had to redirect all non SSL requests to the SSL requests. This is where the apache causes a 302 status code, which is not liked by Internet Explorer users with high security options. Likely to happen in corporations with firewalls and filters on their internet connections.

So what happens IE complains about being redirected to a page which is not registered with that domain, which is not true, our comodo SSL certificate covers www. non www. http and https obviously. What I think happens is, that the form is sent to the http://action-url.com/action-page.php and is then complaining that apache httpd is redirecting to the https: version of that action-page.php.

So I have a really simple form, which is post and have a action url. And then IE would output something like that:

The security certificate presented by this website was issued for a different website address.

Security certificate problems may indicate an attempt to fool you or intercept data you send to the server.

It is recommended that you close this webpage and do not go to this website.

Open in new window


What is the worst of that thing I cannot reproduce the error on my Internet Explorer 9 in my office. So I'm fishing in turbid water.

If any mod_rewrite SSL Guru is under you. I'm well thankful of any hint, which could lead to a solution.
0
Comment
Question by:mcnute
3 Comments
 
LVL 4

Assisted Solution

by:tvedtem
tvedtem earned 250 total points
ID: 38781562
The message
"The security certificate presented by this website was issued for a different website address."

Looks to me as if the SSL certificate that you're using is invalid.

Where did you get the SSL certificate from ?

If you are able to post the actual URLs it should be solvable.
Also, if you could post your Apache redirect config...
0
 
LVL 50

Accepted Solution

by:
Steve Bink earned 250 total points
ID: 38782728
As the previous expert commented, the error you are receiving does not indicate the redirect is at fault.  Generally, redirects from http to https do not generate this style of alert, i.e., going *into* security is not an issue.  The warning that appears when going from https to http is somewhat less intrusive...more like a small javascript dialog box.

The error you are receiving says that the name on the certificate does not match the owning domain of the URL requested.  Whether this is because of "www.mydomain.com" vs "mydomain.com", or because you are redirecting to a mistyped destination, it is an error you will have to address with your certificate.
0
 
LVL 11

Author Comment

by:mcnute
ID: 38785102
My certificate is from comodo and it explicitly told me on crs creation that both www. and not www. will be covered by this certificate.

This issue is might somewhat more complicated but due to information descretion I cannot post an url and my apache configurations here.

I will therefore close this questions but will assign both of you half of the points, because of useful information you provided.

Thanks,
mcnute
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Systems talking to each other 5 125
Video won't play 5 52
How can i modify my File download link ? 6 49
IE 11 + long running scripts 3 30
I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now