I use this in the port 80 virtual host (or main section) to refer any
http request to https. The DocumentRoots should be the same or at least
point to a similar file system structure in the http and ssl
virtualhosts. It also informs proxies that it should cache the https
version and not the http due to the 301 response code.


RedirectMatch 301 (.*)$ https://servername.comain$1
=20


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailtowner-modssl-users@modssl.org] On Behalf Of Roy Keene
(Contractor)
Sent: Thursday, October 11, 2007 8:00 AM
To: modssl-users@modssl.org
Subject: Re: How to redirect http to https on same server?

Bernard Barton wrote:
> I'm trying to redirect users from http://vhost.mydomain.com to=20
> https://vhost.mydomain.com using this RewriteRule:
>=20
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^/(.*)$ https://cj-mydomain.choicepoint.net/$1 [L,R]
>=20
>=20
> This does not seem to work. I have the following defined as a virtual


> host, and the ssl.include is listed below that. What do I need to do=20
> to redirect http to https on the same server?
>=20
> -Thanks
>=20
>=20
>
>
>=20
> #See file below
> Include conf/conf.d/ssl.include
>=20
> ErrorLog /usr/local/apache/logs/ssl_mydomain_error_log
> CustomLog /usr/local/apache/logs/ssl_mydomain_access_log=20
> combined
>=20
>
> ProxyRequests On
>=20
> ProxyPass / http://vhost.mydomain.net:80/
> ProxyPassReverse / http://vhost.mydomain.net:80/
> =20
>=20
>

>=20
>

>

>=20
>=20
> ########################### ssl.include
>=20
> SSLEngine on
>=20
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNULL
>=20
> SSLCertificateFile
> /usr/local/apache-1.3.37/conf/ssl.crt/star_mydomain_net.crt
>=20
> SSLCertificateKeyFile
> /usr/local/apache-1.3.37/conf/ssl.key/star_mydomain_net.key
>=20
> SSLCertificateChainFile=20
> /usr/local/apache-1.3.37/conf/ssl.crt/DigiCertCA.crt
>=20
>
> SSLOptions +StdEnvVars
>

>=20
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>=20
> __________________________________________________ ____________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>=20



This is what I use (from internal documentation):
1. Redirect all HTTP requests to HTTPS
a. Load mod_rewrite (see:
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html )
b. Add the following rule to your non-HTTPS server
configuration
(httpd.conf):
# Require HTTPS
RewriteEngine on
RewriteRule ^/(.*) https://${SERVER_NAME}/$1
[redirect=3Dpermanent]


Yours should work, too, though since it is only substantially different
in two
(2) ways:
1. You don't have "RewriteEngine on" in the snippet, I assume
you have it somewhere though
2. You check SERVER_PORT against !^443$ (it would probably be
better to check the environment variable HTTPS, though) -- that should
work.
--=20
Roy Keene (Contractor)
Office of Network Management (Code 7030.8)
Naval Research Laboratory
Stennis Space Center, MS 39529
DSN 828-4827

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org