HTTP to HTTPS rewrite rule not working

apache2 mod-rewrite mod-ssl
45,009

If you want that http://www.mywebsite.com/ is always be sent over https you should use redirect because use mod_rewrite isn't the recommended behavior.

According to Redirect Request to SSL Apache wiki page:

When using SSL, you will frequently have at least two virtual hosts: one on port 80 to serve ordinary requests, and one on port 443 to serve SSL. If you wish to redirect users from the non-secure site to the SSL site, you can use an ordinary Redirect directive inside the non-secure VirtualHost

So, try to add this directive in your non-secure VirtualHost:

Redirect permanent / https://www.mywebsite.com/

If you want anyway use rewrite rule, you should add these lines in non-secure VirtualHost:

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e.  http://www.mywebsite.com/foo/ to https://www.mywebsite.com/foo/

as described in HTTP to HTTPS Apache wiki page.

Your configuration doen't work, because it is not defined a non-secure VirtualHost (usually on port 80) that handles http requests and redirect them to secure VirtualHost.

Try adding these lines:

<VirtualHost *:80>
   ServerName dev.dom1.com
   Redirect permanent / https://dev.dom1.com/
</VirtualHost>

In this case you don't need a DocumentRoot because this VirtualHost is redirecting everything.

Rewrite rule shown in your configuration file protect secure VirtualHost from being accessed via http protocol, for example http://www.mywebsite.com:443/ will be https://www.mywebsite.com:443/

You should also check that your site linking to the correct page (https) from within your HTML pages.

Share:
45,009

Related videos on Youtube

rajeev
Author by

rajeev

Updated on September 18, 2022

Comments

  • rajeev
    rajeev over 1 year

    ubuntu 14.04

    Apache/2.4.7

    I am posting here conf file for my virtual host and default ssl host. not able to figure what am I doing wrong.

    http://<website_url> shows the index of the folder. I want to redirect this to https.

    https://<website_url> opens fine.

    IMPORTANT: I have not enabled the default SSL site.

     cat default-ssl.conf|grep -v "#"

<IfModule mod_ssl.c>
      <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile  /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </VirtualHost>
</IfModule>

    And here is mywebsite configuration file:

    cat www.mywebsite.com.conf|grep -v "#"

<VirtualHost *:443>
    ServerName www.mywebsite.com:443
    ServerAlias www.mywebsite.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/www.mywebsite.com/html

    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
     <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </IfModule>

SSLEngine on   
    SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    ErrorLog ${APACHE_LOG_DIR}/ssl.error.log
    CustomLog ${APACHE_LOG_DIR}/ssl.access.log combined
</VirtualHost>
  • Lety
    Lety over 9 years
    You should add directive in those VirtualHost that is the same as 443 VirtualHost. I guess non-secure VirtualHost with ServerName www.mywebsite.com and DocumentRoot /var/www/www.mywebsite.com/html. If you need to redirect both, you need to define two 443 VirtualHost.
  • rajeev
    rajeev over 9 years
    Hello Letizia, 443 VirtualHost does not have a corresponding VirtualHost. Sites are like this: http://www.dom1.com, https://dev.dom1.com, and http://www.dom2.com. All hosted on same apache server. I am scratching my head and pulling my hairs at the moment. sorry, I am just not getting this virtual-host thing.
  • Lety
    Lety over 9 years
    Sorry, maybe I didn't understand what you are doing :(. I thought you wanted to change protocol for a certain VirtualHost. Could you explain what is your goal?
  • rajeev
    rajeev over 9 years
    goal is to give https access with authentication to developers, but normal www access for rest of the world. and anybody choosing to go to dev.dom1.com should be presented the https site.
  • Lety
    Lety over 9 years
    Let's see if I understand. There are two VirtualHost on port 80, one have ServerName www.dom1.com and the other have ServerName www.dom2.com with different DocumentRoot content. Normal user access these sites with http a see the content. The third VirtualHost is on port 443 and ServerName is dev.dom1.com, developers access this site with https protocol and see DocumentRoot content. Please tell me if this assertion are right and what does not work or you can not achieve.
  • rajeev
    rajeev over 9 years
    yes totally correct. site 1: <VirtualHost *:80> ServerName www.dom1.com ServerAlias www.dom1.com ServerAdmin [email protected] DocumentRoot /var/www/www.dom1.com/html ... site 2: <VirtualHost *:443> ServerName dev.dom1.com:443 ServerAlias dev.dom1.com ServerAdmin [email protected] DocumentRoot /var/www/dev.dom1.com/html ... site 3: <VirtualHost *:80> ServerName www.dom2.com ServerAlias www.dom2.com ServerAdmin [email protected] DocumentRoot /var/www/www.dom2.com/html ... thx for help @Letizia
  • Lety
    Lety over 9 years
    You are welcome, but now, I don't see where is the problem and how can I help you :)
  • Lety
    Lety over 9 years
    Maybe you would like that access to http://dev.dom1.com are redirected to https://dev.dom1.com. Is this what you are trying to do?
  • rajeev
    rajeev over 9 years
    yes. correct. .
  • Lety
    Lety over 9 years
    Answer updated.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Temporary redirect to maintenance page
Trouble configuring apache server to proxy an SSL connection
Apache ssl-enabled vhost returns random 400 bad request
Deny direct access to files or directory using .htaccess
Change port and host using .htaccess
RewriteRule that preserves GET parameters
How force that all connections to my Apache use TLSv1.1 or TLSv1.2?
.htaccess file not running and internal server error
Ubuntu 14.04 mod_ssl not available
how to config htaccess file after enabling mod_rewrite module?