Hi,
I am trying to configure Apache so that it only connects to a secure connection i.e. https:// when I browse to a certain page, i.e. login page. Does anyone know how to do this? I have configured Apache to run on a secure port.
thanks,
jlar
Hi,
I am trying to configure Apache so that it only connects to a secure connection i.e. https:// when I browse to a certain page, i.e. login page. Does anyone know how to do this? I have configured Apache to run on a secure port.
thanks,
jlar
A rewrite rule will do what you want. Here’s one I used for a site. Don’t ask me to explain it off the top of my head, mod_rewrite is powerful but black magic. Something I’ve been meaning to delve more into but need a project to do it for.
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
Here’s a tute for mod_rewrite. [(http://httpd.apache.org/docs/2.0/misc/rewriteguide.html) but you should be able to find more friendly tutes on the web.]((http://httpd.apache.org/docs/2.0/misc/rewriteguide.html) but you should be able to find more friendly tutes on the web.)
Hi Ken_yap,
You always reply to my posts… thanks yet again.
I will give that a try
jlar
Hi,
Not sure if I am going about this the right way…
I want to redirect all requests to
http://localhost/account
to
http**s**://localhost/account
Do I put the .htaccess in the /account folder? I put this into http://localhost/account
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
I already have a .htaccess file in the document root which routes all requests through index.php:
RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1
Also I don’t know whether to be on port 80 or 443. I put both into my vhosts file:
<VirtualHost *:80>
ServerName apollo
DocumentRoot /var/www/phpweb20/htdocs
<Directory /var/www/phpweb20/htdocs>
AllowOverride All
Options All
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName apollo
DocumentRoot /var/www/phpweb20/htdocs
<Directory /var/www/phpweb20/htdocs>
AllowOverride All
Options All
</Directory>
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:!eNULL
SSLCertificateFile /etc/apache2/ssl/server.pem
SSLCertificateKeyFile /etc/apache2/ssl/serverkey.pem
SSLCACertificateFile /etc/apache2/ssl/cacert.pem
SSLVerifyClient require
SSLVerifyDepth 1
SSLOptions +StrictRequire +StdEnvVars
<Directory /var/www/phpweb20/htdocs/account>
SSLRequireSSL
SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
SSLRequire %{SSL_CLIENT_S_DN_O} eq "Secure Space"
SSLRequire %{SSL_CLIENT_S_DN_OU} eq "Administration"
</Directory>
Alias /phpMyAdmin "/srv/www/oci/htdocs/phpMyAdmin"
<Directory /srv/www/oci/htdocs/phpMyAdmin>
# Restrict phpmyadmin access to just my worksation
Options All
Deny from none
Allow from localhost
</Directory>
</VirtualHost>
Yeah, combine those rewrite rules with the set already there, but you have to be careful of the order in which they are executed, so read up on what those flags (e.g. [L,R]) mean.
You’ll need sections for both port 80 and port 443.