RewriteCond question

RewriteCond question

am 19.02.2010 00:01:06 von John Oliver

I'm dealing with a site that is accessed via https://domain.gov The
certificate is for "domain.gov" I akready have a working rule to catch
http://domain.gov/ and rewrite to https://domain.gov/ I also got
http://www.domain.gov/ caught and rewritten with:

RewriteCond %{http_host} ^www\.domain\.gov [NC]
RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]

However, attempts to access https://www.domain.gov/ are still an issue.
I tried:

RewriteCond %{https} ^www\.domain\.gov [NC]
RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]

But that didn't work (I didn't really expect it to, but it was worth a
try!)

What magic sauce do I need to catch and rewrite that attempt?

--
************************************************************ ***********
* John Oliver http://www.john-oliver.net/ *
* *
************************************************************ ***********

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: RewriteCond question

am 19.02.2010 00:14:33 von up

On Thu, 18 Feb 2010, John Oliver wrote:

> I'm dealing with a site that is accessed via https://domain.gov The
> certificate is for "domain.gov" I akready have a working rule to catch
> http://domain.gov/ and rewrite to https://domain.gov/ I also got
> http://www.domain.gov/ caught and rewritten with:
>
> RewriteCond %{http_host} ^www\.domain\.gov [NC]
> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>
> However, attempts to access https://www.domain.gov/ are still an issue.
> I tried:
>
> RewriteCond %{https} ^www\.domain\.gov [NC]
> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>
> But that didn't work (I didn't really expect it to, but it was worth a
> try!)
>
> What magic sauce do I need to catch and rewrite that attempt?

I just dealt with a similar issue regarding two different certificates.
Try this:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{http_host} ^www\.domain\.gov$ [NC]
RewriteRule ^(.*)$ https://domain.gov$ [R=301,NC]

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
============================================================ =============

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: RewriteCond question

am 19.02.2010 00:23:56 von John Oliver

On Thu, Feb 18, 2010 at 06:14:33PM -0500, James Smallacombe wrote:
> On Thu, 18 Feb 2010, John Oliver wrote:
>
> >I'm dealing with a site that is accessed via https://domain.gov The
> >certificate is for "domain.gov" I akready have a working rule to catch
> >http://domain.gov/ and rewrite to https://domain.gov/ I also got
> >http://www.domain.gov/ caught and rewritten with:
> >
> >RewriteCond %{http_host} ^www\.domain\.gov [NC]
> >RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
> >
> >However, attempts to access https://www.domain.gov/ are still an issue.
> >I tried:
> >
> >RewriteCond %{https} ^www\.domain\.gov [NC]
> >RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
> >
> >But that didn't work (I didn't really expect it to, but it was worth a
> >try!)
> >
> >What magic sauce do I need to catch and rewrite that attempt?
>
> I just dealt with a similar issue regarding two different certificates.
> Try this:
>
> Options +FollowSymlinks
> RewriteEngine on
> RewriteCond %{http_host} ^www\.domain\.gov$ [NC]
> RewriteRule ^(.*)$ https://domain.gov$ [R=301,NC]

Nope... https://www.domain.gov/ still gives a certificate error.

--
************************************************************ ***********
* John Oliver http://www.john-oliver.net/ *
* *
************************************************************ ***********

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: RewriteCond question

am 19.02.2010 01:29:14 von up

On Thu, 18 Feb 2010, John Oliver wrote:

> On Thu, Feb 18, 2010 at 06:14:33PM -0500, James Smallacombe wrote:
>> On Thu, 18 Feb 2010, John Oliver wrote:
>>
>>> I'm dealing with a site that is accessed via https://domain.gov The
>>> certificate is for "domain.gov" I akready have a working rule to catch
>>> http://domain.gov/ and rewrite to https://domain.gov/ I also got
>>> http://www.domain.gov/ caught and rewritten with:
>>>
>>> RewriteCond %{http_host} ^www\.domain\.gov [NC]
>>> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>>>
>>> However, attempts to access https://www.domain.gov/ are still an issue.
>>> I tried:
>>>
>>> RewriteCond %{https} ^www\.domain\.gov [NC]
>>> RewriteRule ^(.*)$ https://domain.gov/$1 [R=301]
>>>
>>> But that didn't work (I didn't really expect it to, but it was worth a
>>> try!)
>>>
>>> What magic sauce do I need to catch and rewrite that attempt?
>>
>> I just dealt with a similar issue regarding two different certificates.
>> Try this:
>>
>> Options +FollowSymlinks
>> RewriteEngine on
>> RewriteCond %{http_host} ^www\.domain\.gov$ [NC]
>> RewriteRule ^(.*)$ https://domain.gov$ [R=301,NC]
>
> Nope... https://www.domain.gov/ still gives a certificate error.

Interesting...in my case, it works perfectly redirecting between two
different ssl certificate virtual hosts. However, both of my certs are
valid...is it possible that the certificate error kicks in before the
redirect happens?

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
============================================================ =============

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: RewriteCond question

am 19.02.2010 10:48:18 von Tom Evans

On Fri, Feb 19, 2010 at 12:29 AM, James Smallacombe wrote:
> On Thu, 18 Feb 2010, John Oliver wrote:
>
>> On Thu, Feb 18, 2010 at 06:14:33PM -0500, James Smallacombe wrote:
>>>
>>> On Thu, 18 Feb 2010, John Oliver wrote:
>>>
>>>> I'm dealing with a site that is accessed via https://domain.gov  =
The
>>>> certificate is for "domain.gov"  I akready have a working rule to=
catch
>>>> http://domain.gov/ and rewrite to https://domain.gov/  I also got
>>>> http://www.domain.gov/ caught and rewritten with:
>>>>
>>>> RewriteCond %{http_host} ^www\.domain\.gov [NC]
>>>> RewriteRule ^(.*)$ https://domain.gov/$1 [R=3D301]
>>>>
>>>> However, attempts to access https://www.domain.gov/ are still an issue=
..
>>>> I tried:
>>>>
>>>> RewriteCond %{https} ^www\.domain\.gov [NC]
>>>> RewriteRule ^(.*)$ https://domain.gov/$1 [R=3D301]
>>>>
>>>> But that didn't work (I didn't really expect it to, but it was worth a
>>>> try!)
>>>>
>>>> What magic sauce do I need to catch and rewrite that attempt?
>>>
>>> I just dealt with a similar issue regarding two different certificates.
>>> Try this:
>>>
>>> Options +FollowSymlinks
>>> RewriteEngine on
>>> RewriteCond %{http_host} ^www\.domain\.gov$ [NC]
>>> RewriteRule ^(.*)$ https://domain.gov$ [R=3D301,NC]
>>
>> Nope... https://www.domain.gov/ still gives a certificate error.
>
> Interesting...in my case, it works perfectly redirecting between two
> different ssl certificate virtual hosts.  However, both of my certs =
are
> valid...is it possible that the certificate error kicks in before the
> redirect happens?
>
> James Smallacombe                =
    PlantageNet, Inc. CEO and Janitor
> up@3.am                   =
                    =C2=
=A0             http://3.am

Yes, what you are trying to do is impossible. If a user accesses
www.domain.gov over SSL, then you will get a certificate error if you
do not have a valid SSL certificate - even if all you want to do is
redirect them to the correct site.

You will either need a new certificate for www.domain.gov, or convince
your registrar to give you a wildcard certificate for *.domain.gov, or
one with multiple subjectAltName properties (see #1)

Cheers

Tom

#1: http://www.crsr.net/Notes/Apache-HTTPS-virtual-host.html

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: RewriteCond question

am 19.02.2010 11:53:11 von Martin Barry

$quoted_author = "James Smallacombe" ;
> >
> >Nope... https://www.domain.gov/ still gives a certificate error.
>
> Interesting...in my case, it works perfectly redirecting between two
> different ssl certificate virtual hosts. However, both of my certs
> are valid...is it possible that the certificate error kicks in
> before the redirect happens?

That's exactly what is happening.

The virtualhost used to serve an SSL connection is based on IP because the
Host header is not readable till *after* decryption.

John, you are going to have to live with the certificate error, try to get a
certificate with www.domain.gov as a "subject alternative name" [1] or put
your faith in SNI [2].

cheers
Marty

[1] http://library.linode.com/ssl-guides/subject-alt-name-ssl
[2] http://en.wikipedia.org/wiki/Server_Name_Indication

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: RewriteCond question

am 20.02.2010 00:24:23 von John Oliver

On Fri, Feb 19, 2010 at 09:53:11PM +1100, Martin Barry wrote:
> $quoted_author = "James Smallacombe" ;
> > >
> > >Nope... https://www.domain.gov/ still gives a certificate error.
> >
> > Interesting...in my case, it works perfectly redirecting between two
> > different ssl certificate virtual hosts. However, both of my certs
> > are valid...is it possible that the certificate error kicks in
> > before the redirect happens?
>
> That's exactly what is happening.
>
> The virtualhost used to serve an SSL connection is based on IP because the
> Host header is not readable till *after* decryption.
>
> John, you are going to have to live with the certificate error, try to get a
> certificate with www.domain.gov as a "subject alternative name" [1] or put
> your faith in SNI [2].

I was afraid of that.

Thanks for the help, all.

--
************************************************************ ***********
* John Oliver http://www.john-oliver.net/ *
* *
************************************************************ ***********

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org