Articles June 14, 2005 at 3:39 pm

Redirect http to https

A quick overview of doing redirects from non-ssl to ssl websites.

Ed. Note: While you should be able to do this in the 10.4 web GUI, you were unable do this in earlier versions of OS X Server. That’s where this comes in handy, although this method should work for all version of OS X, or Apache on any system for that matter.OS X Server
HOW TO: redirect http requests to https

If you have set up a site using ssl all requests for that domain not preceded
by https it will point to the defualt web site. If what is required is that
all requests for the domain on port 80 go to the 443 or in other words all
requests
for http go to https, there are a number of ways of doing this (using htacces
or other scripting), however the following is the method we prefer.

1 go to the site config file at /etc/httpd/sites/

cd /etc/httpd/sites/

open the config file (e.g. 0016_195.75.175.184_443_secure.example.com.conf)
in pico and edit the section


RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

adding the following condition and rule and either delete or comment out
the existing conditions and rules.

RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://secure.example.com/ [R]

so that it reads as


RewriteEngine On
## RewriteCond %{REQUEST_METHOD} ^TRACE
## RewriteRule .* - [F]
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://secure.example.com/ [R]

2. In server admin duplicate the site secure.example.com, turn the web service
off, edit the new site changing (from general) the port from 433 to 80, and
from secure turn Enable Secure Sockets Layer off. You will now have two site
config files in /etc/httpd/sites/ (e.g 0016_195.75.175.184_443_secure.example.com.conf
and 0016_195.75.175.184_80_secure.example.com.conf).

3 Restart the web service and all requests to http://secure.example.com will
be automatically redirected to https://secure.example.com.

It may appear contradictory to have two sites with the same name but one is
on port 80 and the other is on port 443, Apache does allow this configuration.
This method allows you to treat all virtual sites on an individual basis, you
may wish some to be accessed only via ssl and others to be accesses via ssl
and non ssl.

Last updated 08/06/05 Bruce Robbins

Platform: Mac OS X Server 10.3 or later
Further reading

http://httpd.apache.org/docs/mod/mod_rewrite.html

http://www.modssl.org/docs/2.8/ssl_howto.html

http://www.whoopis.com/howtos/apache-rewrite.html

http://joseph.randomnetworks.com/archives/2004/07/22/redirect-to-ssl-using-apaches-htaccess/

http://httpd.apache.org/docs-2.0/misc/rewriteguide.html

http://www.entropy.ch/software/macosx/docs/mod_ssl.html

No Comments

  • This is a good point, the example used in the article is from theconfig used
    our development server. Thanks for pointing it out.

  • Any virtualhost added in Server Admin (10.3 or 10.4) can have a redirect
    to another virtual host. So, configure one virtualhost with the name/IP of
    the SSL site but on port 80, with a redirect to a second host on port 443!

    Eg: redirect would be…
    FROM: / TO: https://SITE_ADDRESS/

    It will redirect any appended path too.

  • If you use a registrar that does URL forwarding, and you use that service, be
    prepared for the http > https fix to partially break. Sticking with DNS records
    only works much better.


    systems engineer, tribune review publishing company

  • To redirect ‘all’ http to https


    RewriteEngine On
    RewriteRule (.*) https://%{SERVER_NAME}:443 [R]


    (We use this on one of our servers with DHCP on ‘untrusted’ networks
    for demonstrations,
    we depend on the DHCP provided ip-addresses in the LAN)

    This also seems to work for redirecting all virual hosts, saves time and
    you don’t have to change the rules (Like https://secure.example.com
    times n), easyer when you have 100+ virtualhostnames 😉

    Gawin

Leave a reply

You must be logged in to post a comment.