Apache on F11. ANY APPROACH ?excluding images pdfs etc from Https (

--00504502b08919020604775953f7
Content-Type: text/plain; charset=ISO-8859-1

Hi Folks

- I am a squat on advanced Apache work. I would get a basic SSL
functionality to work.

So https://foobar.com works fine and gets me all the login windows I
designed. however currently all the images and other extensions like .pdf
are also using the https routing.
some image referred on that https link
e.g. https://foobar.com/loginhere.jpeg c
can be displayed using https but not http
I would like to JUST limit https usage to the login window html and ALL
other images pdf's not secured html ( one that do not need password ) should
use HTTP NOT HTTPS
What I cannot really find ( and Apache modules make a graduate course , as I
am realizing with all the futile digging in ) is HOW do I tell apache that
if you find an image file ( .jpeg or .pdf ) if it comes to https convert all
that into http .Has that something to do with rewrite or redirect modules .


- Another thing is that http : // foobar.login.html should redirect to
https : // foobar.login.html
however http : // foobar.login.html will not show up at all. How do I
achieve this .
Thanks again

--00504502b08919020604775953f7
Content-Type: text/html; charset=ISO-8859-1

Hi Folks

• I am a squat on advanced Apache work. I would get a basic SSL functionality to work.

• Another thing is that http : // foobar.login.html should redirect to https : // foobar.login.html
  
  however http : // foobar.login.html will not show up at all. How do I achieve this .
  
  Thanks again

Re: Apache on F11. ANY APPROACH ?excluding images pdfsetc from Https ( ssl ) routing

> I would like to JUST limit https usage to the login window html and ALL other images pdf's not secured html
> ( one that do not need password ) should use HTTP NOT HTTPS
> What I cannot really find ( and Apache modules make a graduate course , as I am realizing with all the
> futile digging in ) is HOW do I tell apache that if you find an image file ( .jpeg or .pdf ) if it comes to
> https convert all that into http .Has that something to do with rewrite or redirect modules .

Yep. At least that is the way I do it, using rewrite.

Once you start Apache as a secure server all the content is served through
secure layer. With rewrite sentences you can override that.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Apache on F11. ANY APPROACH ?excluding images pdfsetc from Https ( ssl ) routing

sieger007@gmail.com wrote:
> Hi Folks
>
> - I am a squat on advanced Apache work. I would get a basic SSL
> functionality to work.
>
> So https://foobar.com works fine and gets me all the login windows I
> designed. however currently all the images and other extensions like .pdf
> are also using the https routing.
> some image referred on that https link
> e.g. https://foobar.com/loginhere.jpeg c
> can be displayed using https but not http
> I would like to JUST limit https usage to the login window html and ALL
> other images pdf's not secured html ( one that do not need password ) should
> use HTTP NOT HTTPS
> What I cannot really find ( and Apache modules make a graduate course , as I
> am realizing with all the futile digging in ) is HOW do I tell apache that
> if you find an image file ( .jpeg or .pdf ) if it comes to https convert all
> that into http .Has that something to do with rewrite or redirect modules .
>

I think there is something basic which you should understand first :
Apache does not "decide" to send this or that via HTTPS.
Apache responds to a request from the browser. If the browser requests
an object with a https://.. URL, then Apache will respond that way. If
the browser requests an object using a http://... URL, then Apache will
respond that way.

In other words, you have to make sure, in the pages *you* send back to
the browser, that the links, from the browser point of view, evaluate to
"http://.." and not "https://..".

Let me give you a simplified example.

1) The browser initially requests a page from the server, using (e.g.) a
URL like
https://server.mycompany.com/login-page.html
That means that this browser is
a) setting up a https connection to "server.mycompany.com"
b) on that connection, sending a request for host
"server.mycompany.com" and page "/login-page.html"

2) the server sends back the page, on the same https connection.
(Note that the connection is the one initiated by the browser. The
server never initiates a connection to the browser. It just responds on
the same connection which the browser has set up).

3) in that page, are links like :


4) the browser is going to "evaluate" these URLs, make them into "full"
URLs, and then send new requests for those objects to the server.
In this case, the browser see that the URL is missing a protocol and a
servername, so it will add them first.
What will it add ?
It will take the protocol and the servername from which this page
(login-page) has "arrived". In other words, *the browser* here will take
the URL "/images/myimage.gif", and add the protocol and the server, to give
"https://server.mycompany.com/images/myimage.gif", and then *the
browser* will requests this URL from the server.

5) the server gets this request and answers appropriately.

If, instead, the links to the images, in the page login-page.html, had
been like

then the browser would request this image on a non-https channel, and
the server would respond on that non-https channel.

In other words, what happens is basically your problem, not Apache's.

The above is the simple way.
There are other, less efficient ways.

You can arrange, at the server level, that when it receives a request
for "https://server.company.com/images/something", it would *send a
REDIRECT response* to the browser, telling the browser essentially :
hey, that's the wrong address for that thing, please use this one instead.
That is called a 301 response, and you can do that with mod_rewrite.
The browser, when it receives this message, will then automatically
initiate a *new connection* with the server, and re-request the same
object using the URL which the 301 Apache response contained.

But consider that it is always less efficient than sending the correct
link in the page in the first place, because you need a first request to
the server, a server response, then a new request from the browser to
the server before you get your image.

What Apache cannot do, at level (5) above, in the middle of the
conversation, is decide to change the protocol of the connection from
HTTPS to HTTP. That would break the existing connection. And how would
the browser know that it suddenly is going to receive a response on a
new connection, set up by the server ?
That is not how HTTP works.
And that is also why you do not find anything that replies to your
question in the Apache documentation or code : because, from a HTTP
protocol point of view, it does not make any sense, so it's just not there.
Yes ?




------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Apache on F11. ANY APPROACH ?excluding images pdfs

--00504502cdeb26e89d04775fa1c8
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi Folks
Thanks a lot
Can someone please point me to some examples of mod_rewrite where
images, pdf' and other non html files get re-directed to http instead of
https
I tried this :
more /etc/httpd/.htaccess

RewriteEngine on
RewriteCond %{SERVER_PORT} 443
RewriteRule .*.(gif|GIF|jpg|JPG|JPEG|jpeg|png|PNG|PDF|pdf|DOC|doc|txt|TX T)$
http://$1 [PT]


but https : // foobar.jpg is not redirected to http : // foobar.jpg

more /etc/httpd/conf/httpd.conf | grep -i "root"
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "/etc/httpd" will be interpreted by the
# ServerRoot: The top of the directory tree under which the server's
ServerRoot "/etc/httpd"
# httpd as root initially and it will switch.
ServerAdmin root@localhost
# DocumentRoot: The directory out of which you will serve your
DocumentRoot "/var/www/html"
# This should be changed to whatever you set DocumentRoot to.
# CacheRoot "/var/cache/mod_proxy"
# DocumentRoot /www/docs/dummy-host.example.com


I know I am missing something here and all you folks who know mod_rewrite
out there have really graduated in apache.I created that .htaccess in the
Documentroot and server-root path both

So please tell me what am I missing
Thanks
Sam




2009/11/1 I=F1igo Medina Garc=EDa

> I would like to JUST limit https usage to the login window html and ALL
>> other images pdf's not secured html
>> ( one that do not need password ) should use HTTP NOT HTTPS
>> What I cannot really find ( and Apache modules make a graduate course , =
as
>> I am realizing with all the
>> futile digging in ) is HOW do I tell apache that if you find an image fi=
le
>> ( .jpeg or .pdf ) if it comes to
>> https convert all that into http .Has that something to do with rewrite =
or
>> redirect modules .
>>
>
> Yep. At least that is the way I do it, using rewrite.
>
> Once you start Apache as a secure server all the content is served throug=
h
> secure layer. With rewrite sentences you can override that.
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project=
..
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

--00504502cdeb26e89d04775fa1c8
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi Folks
Thanks a lot
Can s=
omeone please point me to some examples of mod_rewrite=A0 where
style=3D"color: rgb(51, 51, 255);"> >images, pdf' and other non html files get re-directed to http instead =
of https

I tried this :
color: rgb(51, 51, 255);">=A0more=
=A0 /etc/httpd/.htaccess
style=3D"color: rgb(51, 51, 255);"><IfModule mod_rewrite.c> r style=3D"color: rgb(51, 51, 255);">
RewriteEngine on
=3D"color: rgb(51, 51, 255);">Rewr=
iteCond %{SERVER_PORT} 443
an style=3D"color: rgb(51, 51, 255);">RewriteRule .*.(gif|GIF|jpg|JPG|JPEG|=
jpeg|png|PNG|PDF|pdf|DOC|doc|txt|TXT)$ http://$1 [PT]
lor: rgb(51, 51, 255);">
</IfModule>
=3D"color: rgb(51, 51, 255);">
style=3D"color: rgb(51, 51, 255);">but https : // foobar.jpg is not redirec=
ted to http : // foobar.jpg


5);">=A0more /etc/httpd/conf/httpd.conf | grep -i "root" r style=3D"color: rgb(51, 51, 255);"> ;"># with "/", the value of ServerRoot is prepended -- so "l=
ogs/foo.log"

# with ServerRoot set to "/et=
c/httpd" will be interpreted by the
51, 255);"># ServerRoot: The top o=
f the directory tree under which the server's
rgb(51, 51, 255);">
ServerRoot "/etc/httpd"<=
/span>
51, 255);"># httpd as root initially and it will switch.
"color: rgb(51, 51, 255);">
ServerAdmin root@localhost<=
br style=3D"color: rgb(51, 51, 255);"> );"># DocumentRoot: The directory out of which you will serve your r style=3D"color: rgb(51, 51, 255);">
DocumentRoot "/var/www/html&q=
uot;
(51, 51, 255);"># This should be changed to whatever you set DocumentRoot t=
o.

#   CacheRoot "/var/cache=
/mod_proxy"
=3D"color: rgb(51, 51, 255);">#  =A0 DocumentRoot /www/docs/ http://dummy-host.example.com">dummy-host.example.com
=3D"color: rgb(51, 51, 255);">


;">I know I am missing something h=
ere and all you folks=A0 who know mod_rewrite out there=A0 have really grad=
uated in apache.I created that .htaccess in the Documentroot and server-roo=
t path both


5);">
So please tell me what am I missing
55);">Thanks
lor: rgb(51, 51, 255);">Sam=

Re: Apache on F11. ANY APPROACH ?excluding imagespdfs etc from Https ( ssl ) routing

--=-C/1BCNrTSYVZNnnnMeE4
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2009-11-01 at 17:30 -0800, sieger007@gmail.com wrote:
> Hi Folks
> * I am a squat on advanced Apache work. I would get a basic SSL
> functionality to work.=20
> So https://foobar.com works fine and gets me all the login windows I
> designed. however currently all the images and other extensions
> like .pdf are also using the https routing.=20
> some image referred on that https link=20
> e.g. https://foobar.com/loginhere.jpeg c
> can be displayed using https but not http

Don't do this.

Either serve it all up through SSL or don't use SSL at all.
Reason being, many browsers (particularly those from Redmond) will
confuse the user with requests to load "insecure items" when they
encounter tags and suchlike.

Mark.

--=20
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg

--=-C/1BCNrTSYVZNnnnMeE4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkruoDQACgkQBn4EFUVUIO1A1QCfZ2lPd2ZRhetHlzjZ0YAO ulha
AEoAoPsXWNamDwT1GP81DiU1dUbYBAJN
=gPoq
-----END PGP SIGNATURE-----

--=-C/1BCNrTSYVZNnnnMeE4--

Re: Apache on F11. ANY APPROACH ?excluding images pdfs

--000e0cd15082b66f290477610385
Content-Type: text/plain; charset=ISO-8859-1

Yes .Probably not worth all the trouble if its going around catching my left
ear with the right hand.


On Mon, Nov 2, 2009 at 1:02 AM, Mark Watts wrote:

> On Sun, 2009-11-01 at 17:30 -0800, sieger007@gmail.com wrote:
> > Hi Folks
> > * I am a squat on advanced Apache work. I would get a basic SSL
> > functionality to work.
> > So https://foobar.com works fine and gets me all the login windows I
> > designed. however currently all the images and other extensions
> > like .pdf are also using the https routing.
> > some image referred on that https link
> > e.g. https://foobar.com/loginhere.jpeg c
> > can be displayed using https but not http
>
> Don't do this.
>
> Either serve it all up through SSL or don't use SSL at all.
> Reason being, many browsers (particularly those from Redmond) will
> confuse the user with requests to load "insecure items" when they
> encounter tags and suchlike.
>
> Mark.
>
> --
> Mark Watts BSc RHCE MBCS
> Senior Systems Engineer, Managed Services Manpower
> www.QinetiQ.com
> QinetiQ - Delivering customer-focused solutions
> GPG Key: http://www.linux-corner.info/mwatts.gpg
>

--000e0cd15082b66f290477610385
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Yes .Probably not worth all the tr=
ouble if its going around catching my left ear with the right hand.<=
br style=3D"color: rgb(51, 51, 255);">