Bernard Barton wrote:
> I'm trying to redirect users from http://vhost.mydomain.com to
> https://vhost.mydomain.com using this RewriteRule:
>
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^/(.*)$ https://cj-mydomain.choicepoint.net/$1 [L,R]
>
>
> This does not seem to work. I have the following defined as a virtual
> host, and the ssl.include is listed below that. What do I need to do to
> redirect http to https on the same server?
>
> -Thanks
>
>
>
>
>
> #See file below
> Include conf/conf.d/ssl.include
>
> ErrorLog /usr/local/apache/logs/ssl_mydomain_error_log
> CustomLog /usr/local/apache/logs/ssl_mydomain_access_log combined
>
>
> ProxyRequests On
>
> ProxyPass / http://vhost.mydomain.net:80/
> ProxyPassReverse / http://vhost.mydomain.net:80/
>
>
>

>
>

>

>
>
> ########################### ssl.include
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNULL
>
> SSLCertificateFile
> /usr/local/apache-1.3.37/conf/ssl.crt/star_mydomain_net.crt
>
> SSLCertificateKeyFile
> /usr/local/apache-1.3.37/conf/ssl.key/star_mydomain_net.key
>
> SSLCertificateChainFile /usr/local/apache-1.3.37/conf/ssl.crt/DigiCertCA.crt
>
>
> SSLOptions +StdEnvVars
>

>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> __________________________________________________ ____________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>



This is what I use (from internal documentation):
1. Redirect all HTTP requests to HTTPS
a. Load mod_rewrite (see:
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html )
b. Add the following rule to your non-HTTPS server configuration
(httpd.conf):
# Require HTTPS
RewriteEngine on
RewriteRule ^/(.*) https://${SERVER_NAME}/$1 [redirect=permanent]


Yours should work, too, though since it is only substantially different in two
(2) ways:
1. You don't have "RewriteEngine on" in the snippet, I assume you have it
somewhere though
2. You check SERVER_PORT against !^443$ (it would probably be better to check
the environment variable HTTPS, though) -- that should work.
--
Roy Keene (Contractor)
Office of Network Management (Code 7030.8)
Naval Research Laboratory
Stennis Space Center, MS 39529
DSN 828-4827

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org