How to force SSL (https) on Apache Location
Solution 1
It's not a hack. Here's a quick breakdown for you:
# Turn on Rewriting
RewriteEngine on
# Apply this rule If request does not arrive on port 443
RewriteCond %{SERVER_PORT} !443
# RegEx to capture request, URL to send it to (tacking on the captured text, stored in $1), Redirect it, and Oh, I'm the last rule.
RewriteRule ^(.*)$ https://www.x.com/dir/$1 [R,L]
Solution 2
We use a slightly different, but mostly equivalent syntax. Rather than checking the port the request was received on, we check that HTTPS isn't being used. And we use the %{HTTP_HOST} environment variable rather than hardcoding the host name.
RewriteEngine On
RewriteCond %{HTTPS} Off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
I like this approach a little better, because it works when Apache is listening on non-standard ports. There could be a problem with using %{HTTP_HOST} if your site is behind a proxy, but we haven't tried that yet.
Solution 3
Try
<Location />
SSLRequireSSL
</Location>
Solution 4
Additionally to the already mentioned redirect you might want to add the SSLRequireSSL directive to your Location container which will deny access if you do not use an HTTPS connection. However, the solution with a VirtualHost for your SVN site which only listens on *:443 is more elegant.
Solution 5
We define everything with name Virtual hosts. Then, if you are within a <VirtualHost *:80> definition, you don't have to check if it is not port 443, you already know it's not. You can then just force everything that hits 80 over to 443 with a rule like:
RewriteEngine On
RewriteRule ^/?(.*)$ https://www.yourdomain.com/$1 [R,L]
Joey Adams
Updated on September 17, 2022
Comments
-
Joey Adams almost 2 years
I'm trying to force SSL (https) on an SVN repository served by mod_dav_svn. Here's what I have:
<Location /svn/projectname>
    DAV svn
    SVNPath /var/repo/projectname
    Require valid-user
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /etc/svn-auth-projectname

    #here's what I tried (didn't work)
    SSLCipherSuite HIGH:MEDIUM
</Location>
However, I don't get redirected to https when I log in via http; it stays in http. Why doesn't the above work? How do I get this https redirect to work?
I've seen suggestions about using mod_rewrite, e.g.:
# /dir/.htaccess
RewriteEngine on
RewriteCond %{SERVER_PORT}!443
RewriteRule ^(.*)$ https://www.x.com/dir/$1 [R,L]
However, I don't understand exactly what this does, so I'm afraid to use it. Plus, it looks more like an ugly hack than the correct solution.
-
anthony over 6 years
You cannot do the redirect and the authentication in the same virtualhost. Any attempt to do so will cause the authentication to happen in HTTP, before the redirection to HTTPS! That is NOT good! You have to do them in separate virtualhosts. Redirect in a HTTP vhost and authentication in a HTTPS vhost.
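The split described in Solution 4 and in the comment above, written out as an added example (not code from the original page or any of its posters). The host name svn.example.com and the certificate paths are placeholders; the repository path, auth file and realm are the ones from the question.

```apache
# Added example. svn.example.com and the certificate paths are placeholders.

# Plain-HTTP vhost: no DAV and no Auth* directives here, only the redirect,
# so the server never asks for Basic credentials on port 80.
<VirtualHost *:80>
    ServerName svn.example.com
    Redirect permanent / https://svn.example.com/
</VirtualHost>

# HTTPS vhost: the repository and its authentication exist only here.
<VirtualHost *:443>
    ServerName svn.example.com

    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem

    <Location /svn/projectname>
        DAV svn
        SVNPath /var/repo/projectname

        # Deny any request that did not arrive over TLS (Solution 3).
        # SSLCipherSuite, as tried in the question, only chooses ciphers
        # for connections that are already TLS; it does not redirect.
        SSLRequireSSL

        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile /etc/svn-auth-projectname
        Require valid-user
    </Location>
</VirtualHost>
```

Check the result with `apachectl configtest` before reloading, and point existing working copies at the https:// URL so clients stop contacting port 80 at all.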
-
philfreo over 14 years
What would cause bad argument line '%{SERVER_PORT}!443' when using this?
-
xentek over 14 years
Not sure. Do you have SSL already configured for this vhost?
-
Zed about 14 years
The example is not quite correct. You need a space before the !443.
-
Philip over 13 years
& @Zed, fixed it. Does require the space in there.
-
Philip over 13 years
I think the %{HTTPS} thing is only available in Apache 2.x or something like that, hence the relative prevalence of checking the port in examples found on the net. This is a better way, as you pointed out.
-
Synchro about 13 years
Totally agree on the vhosts approach. I find this works and saves firing up the rewrite engine:
RedirectMatch 301 (.*) https://%{HTTP_HOST}$1
-
drafael over 12 years
RewriteRule ^/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R]
-
Dave M almost 11 years
Can you elaborate on this answer?
-
MUY Belgium over 4 years
If we are talking about security, we want to use a protocol, not use a specific port: this is secured by the firewall...