How to force SSL (https) on Apache Location

ssl svn https

26,327

Solution 1

Its not a hack. here's a quick breakdown for you:

# Turn on Rewriting
RewriteEngine on 

# Apply this rule If request does not arrive on port 443
RewriteCond %{SERVER_PORT} !443 

# RegEx to capture request, URL to send it to (tacking on the captured text, stored in $1), Redirect it, and Oh, I'm the last rule.
RewriteRule ^(.*)$ https://www.x.com/dir/$1 [R,L]

Solution 2

We use a slightly different, but mostly equivalent syntax. Rather than checking the port the request was received on, we check that HTTPS isn't being used. And we use the %{HTTP_HOST} environment variable rather than hardcoding the host name.

  RewriteEngine              On
  RewriteCond     %{HTTPS}   Off
  RewriteRule     .*         https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

I like this approach a little better, because it works when Apache is listening on non-standard ports. There could be a problem with using %{HTTP_HOST} if your site is behind a proxy, but we haven't tried that yet.

Solution 3

Try

 <Location />
    SSLRequireSSL
 </Location>

Solution 4

Additionally to the already mentioned redirect you might want to add the SSLRequireSSL directive to your Location container which will deny access if you do not use an HTTPS connection. However, the solution with a VirtualHost for your SVN site which only listens on *:443 is more elegant.

Solution 5

We define everything with name Virtual hosts. Then, if you are within a <Virtualhost *:80> definition, you don't have to check if it is not port 443, you already know it's not. You Can then just force everything that hits 80 over to 443 with a rule like:

RewriteEngine On
RewriteRule ^(.)$ https://www.yourdomain.com/$1 [R,L]

View more solutions

26,327

Joey Adams

Updated on September 17, 2022

Comments

Joey Adams almost 2 years
I'm trying to force SSL (https) on an SVN repository served by mod_dav_svn. Here's what I have:
```
<Location /svn/projectname>
  DAV svn
  SVNPath /var/repo/projectname
  Require valid-user
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /etc/svn-auth-projectname

  #here's what I tried (didn't work)
  SSLCipherSuite HIGH:MEDIUM
</Location>
```
However, I don't get redirected to https when I log in via http; it stays in http. Why doesn't the above work? How do I get this https redirect to work?

I've seen suggestions about using mod_rewrite, e.g.:
```
# /dir/.htaccess
RewriteEngine on
RewriteCond %{SERVER_PORT}!443
RewriteRule ^(.*)$ https://www.x.com/dir/$1 [R,L] 
```
However, I don't understand exactly what this does, so I'm afraid to use it. Plus, it looks more like an ugly hack than the correct solution.
- anthony over 6 years
  
  You can not do the redirect and th authentication in the same virtualhost. Any attempt to do so will cause the authentication to happen in HTTP, before the redirection to HTTPS! That is NOT good! You have to do them in separate virtualhosts. Redirect in a HTTP vhost and authentication in a HTTPS vhost.
philfreo over 14 years

What would cause bad argument line '%{SERVER_PORT}!443' when using this?
xentek over 14 years

not sure. do you have SSL already configured for this vhost?
Zed about 14 years

The example is not quite correct. You need a space before the !443.
Philip over 13 years

& @Zed, fixed it. Does require the space in there.
Philip over 13 years

I think the %{HTTPS} thing is only available in Apache 2.x or something like that, hence the relative prevalence of checking the port in examples found on the net. This is a better way, as you pointed out.
Synchro about 13 years

Totally agree on the vhosts approach. I find this works and saves firing up the rewrite engine: RedirectMatch 301 (.*) https://%{HTTP_HOST}$1
drafael over 12 years

RewriteRule ^/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R]
Dave M almost 11 years

Can you elaborate on this answer?
MUY Belgium over 4 years

If we are talking about security, whe want to use a protocol, not use a specific port : this is secured by the firewall...