Comments on: Apache: Redirect http to https Apache secure connection – force HTTPS Connections http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html This is a Linux sys admin journal by Vivek about sys admin work, Linux tips & tricks, hacks, news and more. Fri, 10 Feb 2012 20:37:43 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: mtupperhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-176625 mtupper Wed, 07 Dec 2011 09:13:39 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-176625 This is the one that finally worked for me... This is the one that finally worked for me…

]]> By: Vishvahttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-174984 Vishva Wed, 19 Oct 2011 04:33:12 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-174984 What i want to achieve is configure outbound proxy for specific HTTPS urls. Its a white list validation. e.g. If i (my application) hits a specific HTTPS URL , then only redirect should happen .. something like this - RewriteCond %{THE_REQUEST} ^GET\ (http://www.google.com/.*)\ HTTP [OR] RewriteCond %{THE_REQUEST} ^GET\ (http://www.oracle.com/.*)\ HTTP RewriteRule . proxy:%1 [L] RewriteCond %{THE_REQUEST} ^CONNECT\ (www.abc.com):443/?.*)\ HTTP RewriteRule . proxy:https://%1 [L] The first part for HTTP works fine. So outbound URLs which start with HTTP gets redirected according to rule but if i hit HTTPS , it doesnt work .. it gives forbidden error or cookie error.. Can any body please help. What i want to achieve is configure outbound proxy for specific HTTPS urls. Its a white list validation. e.g. If i (my application) hits a specific HTTPS URL , then only redirect should happen .. something like this –

RewriteCond %{THE_REQUEST} ^GET\ (http://www.google.com/.*)\ HTTP [OR] RewriteCond %{THE_REQUEST} ^GET\ (http://www.oracle.com/.*)\ HTTP RewriteRule . proxy:%1 [L]

RewriteCond %{THE_REQUEST} ^CONNECT\ (www.abc.com):443/?.*)\ HTTP RewriteRule . proxy:https://%1 [L]

The first part for HTTP works fine. So outbound URLs which start with HTTP gets redirected according to rule but if i hit HTTPS , it doesnt work .. it gives forbidden error or cookie error..

Can any body please help.

]]> By: anonhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-174209 anon Wed, 21 Sep 2011 21:01:16 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-174209 This worked for me, using apache2 and 2 virtual hosts: 1. Type the following command in the terminal: <pre>sudo a2enmod rewrite</pre> Add the following to /etc/apache2/sites-available/default under <pre>RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}</pre> Restart Apache: <pre>sudo /etc/init.d/apache2 restart</pre> This worked for me, using apache2 and 2 virtual hosts:

1. Type the following command in the terminal:

sudo a2enmod rewrite

Add the following to /etc/apache2/sites-available/default under

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Restart Apache:

sudo /etc/init.d/apache2 restart
]]> By: Janhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-173532 Jan Wed, 24 Aug 2011 14:48:06 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-173532 Hello, there are a lot of domains hosted in my dedicated server. There is an alias <strong><em>/webmail</em></strong> pointing to the installed webmail-interface which could be used from all domains on my server e.g. there are the domains <strong><em>foobar1.de</em></strong>, <strong><em>foobar2.net</em></strong>, <strong><em>foobar3.com</em></strong>, <strong><em>foobar4.de</em></strong>, <strong><em>foofoobarbar.info</em></strong>, … and the webmail client is reachable: e.g. <strong><em>foobar1.de/webmail</em></strong> , … , <strong><em>foofoobarbar.info/webmail</em></strong> That's fact and running. Now i want to force all <strong><em>"/webmail"</em></strong>-calls to <strong><em>"https://"</em></strong>, so that the call <strong><em>"foobarxy.org/webmail"</em></strong> automatically chanches to <strong><em>"https://foobarxy.org/webmail"</em></strong> without regarding other calls like <strong><em>foobar.org</em></strong> (homepage) oder <strong><em>foobar3.com/directoryxy</em></strong> or others. The aim is to force only the <strong><em>"/webmail"</em></strong> calls to htts not the others. Is there a simple way? Hello,

there are a lot of domains hosted in my dedicated server.
There is an alias /webmail pointing to the installed webmail-interface which could be used from all domains on my server

e.g. there are the domains foobar1.de, foobar2.net, foobar3.com, foobar4.de, foofoobarbar.info, …
and the webmail client is reachable: e.g. foobar1.de/webmail , … , foofoobarbar.info/webmail

That’s fact and running.

Now i want to force all “/webmail”-calls to “https://”, so that the call “foobarxy.org/webmail” automatically chanches to “https://foobarxy.org/webmail” without regarding other calls like foobar.org (homepage) oder foobar3.com/directoryxy or others.

The aim is to force only the “/webmail” calls to htts not the others.

Is there a simple way?

]]> By: Stephenhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-172478 Stephen Fri, 15 Jul 2011 00:48:33 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-172478 Dows anyone have any idea please on what lines of code that I'm going to add into the htaccess file? Basically, I just need my login page, registration page to be in SSL. The rest of the pages will be in http like the index.php. I have the SSL installed already in my server. I have the htaccess code to redirect all pages into https but I don't need the whole site to be in https. I have this few lines of code and this make the whole site in https: <pre> RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^index.php$ https://www.mysite.com/ </pre> I need only these pages to be https and the rest of the site to load in http <pre> http://www.mysite.com/?do=login http://www.mysite.com/?do=reg http://www.mysite.com/?do=login&url=sell http://www.mysite.com/?do=login&url=myaccmain http://www.mysite.com/?do=login&url=sindex </pre> Any idea please on how to make it that only login, registration to be in https? Then if user open it in http it will automatically be redirect into https. If user open index page in https it will automatically be change into http. Please help. Dows anyone have any idea please on what lines of code that I’m going to add into the htaccess file? Basically, I just need my login page, registration page to be in SSL. The rest of the pages will be in http like the index.php. I have the SSL installed already in my server. I have the htaccess code to redirect all pages into https but I don’t need the whole site to be in https. I have this few lines of code and this make the whole site in https:

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^index.php$ https://www.mysite.com/

I need only these pages to be https and the rest of the site to load in http

http://www.mysite.com/?do=login
http://www.mysite.com/?do=reg
http://www.mysite.com/?do=login&url=sell
http://www.mysite.com/?do=login&url=myaccmain
http://www.mysite.com/?do=login&url=sindex

Any idea please on how to make it that only login, registration to be in https? Then if user open it in http it will automatically be redirect into https. If user open index page in https it will automatically be change into http. Please help.

]]> By: Timhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-171844 Tim Fri, 10 Jun 2011 20:18:06 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-171844 Agh! Do what SCD says! <pre> RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L] </pre> Agh! Do what SCD says!

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
]]> By: Jake Torshttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-171538 Jake Tors Tue, 24 May 2011 23:51:11 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-171538 Redirect permanent did not work at all. Tried it inside and outside of the virtual host. Do more research next time Redirect permanent did not work at all. Tried it inside and outside of the virtual host.

Do more research next time

]]> By: raghuhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-169762 raghu Fri, 11 Mar 2011 13:56:47 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-169762 Hi Sam, Did u get the solution for your http to https limited links i need the same pelase do suggest me how to do that thanks in advance Hi Sam,

Did u get the solution for your http to https limited links

i need the same pelase do suggest me how to do that

thanks in advance

]]> By: Bipin Bahugunahttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-168843 Bipin Bahuguna Sat, 19 Feb 2011 05:39:23 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-168843 Hi, I have ssl certificate for https://abc.com. and client required it https://www.abc.com I have redirect it via apache modrewrite abc.com to www.abc.com. But prob is ssl cert is valid for only abc.com. any idea how can i bypass ssl cert for www.abc.com.. Thanks, Bipin Bahuguna Hi,
I have ssl certificate for https://abc.com.
and client required it https://www.abc.com
I have redirect it via apache modrewrite abc.com to http://www.abc.com.
But prob is ssl cert is valid for only abc.com.
any idea how can i bypass ssl cert for http://www.abc.com..

Thanks,
Bipin Bahuguna

]]> By: Nabeelhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-160111 Nabeel Sat, 09 Oct 2010 08:58:38 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-160111 Hi, I have installed SSL certificates and now I want to move from http to https. what should I do? should I need to move my all files to https folder ? Thanks Hi,

I have installed SSL certificates and now I want to move from http to https.
what should I do?
should I need to move my all files to https folder ?

Thanks

]]> By: rigidkitchenhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-159750 rigidkitchen Mon, 20 Sep 2010 16:35:49 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-159750 The answer is surprisingly in another tutorial on the site. In the directory you want to redirect to ssl: SSLRequire %{HTTP_HOST} eq "www.nixcraft.com" I have this under my document root in httpd.conf and it works great. I have the virtual host in ssl.conf set up to use the same directory. works great The answer is surprisingly in another tutorial on the site.

In the directory you want to redirect to ssl:

SSLRequire %{HTTP_HOST} eq “www.nixcraft.com”

I have this under my document root in httpd.conf and it works great. I have the virtual host in ssl.conf set up to use the same directory. works great

]]> By: Ashokhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-158632 Ashok Sat, 31 Jul 2010 01:09:20 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-158632 Hi I am having two sites http://www.abc.com/app1 and https://www.abc.com/app2. App1 is always accessed by http(no https) whereas app2 with https(no http) Kindly suggest me solution. Thanks Ashok Hi

I am having two sites http://www.abc.com/app1 and https://www.abc.com/app2.
App1 is always accessed by http(no https) whereas app2 with https(no http)

Kindly suggest me solution.

Thanks
Ashok

]]> By: Chrishttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-158380 Chris Tue, 27 Jul 2010 18:37:01 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-158380 Never mind, I figured out another way of doing what I needed. Thanks. Never mind, I figured out another way of doing what I needed. Thanks.

]]> By: Chrishttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-158283 Chris Fri, 23 Jul 2010 18:39:24 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-158283 Maybe someone can explain this one to me.. Here is what I have in htpd.conf: RewriteEngine on RewriteCond %{HTTP_HOST} =webmail.mowisp.com RewriteRule ^(.*) https://mowisp.com/webmail [R] RewriteCond %{HTTP_HOST} =admin.mowisp.com RewriteRule ^(.*) https://mowisp.com:10000/ [R] The admin rewrite works but the webmail rewrite does not.... Maybe someone can explain this one to me.. Here is what I have in htpd.conf:
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.mowisp.com
RewriteRule ^(.*) https://mowisp.com/webmail [R]
RewriteCond %{HTTP_HOST} =admin.mowisp.com
RewriteRule ^(.*) https://mowisp.com:10000/ [R]

The admin rewrite works but the webmail rewrite does not….

]]> By: backtogeekhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-158201 backtogeek Mon, 19 Jul 2010 13:12:06 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-158201 is it possibe to redirect to non http ot https? e.g. Redirect permanent / rtsp://mydomain.com I have tried but its not working is it possibe to redirect to non http ot https?

e.g.

Redirect permanent / rtsp://mydomain.com

I have tried but its not working

]]> By: Mathiauhttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-158144 Mathiau Fri, 16 Jul 2010 21:38:20 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-158144 Is it possible to have ALL sites hosted on an apache server redirect to an HTTPS:// address? instead of posting each one individual.... Is it possible to have ALL sites hosted on an apache server redirect to an HTTPS:// address?

instead of posting each one individual….

]]> By: Anonymoushttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-155972 Anonymous Tue, 11 May 2010 18:26:33 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-155972 You used a "permanent" redirect. Your web browser remembers the redirect forever, and will perform the redirect without interacting with the server. You used a “permanent” redirect. Your web browser remembers the redirect forever, and will perform the redirect without interacting with the server.

]]> By: zuloohttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-155110 zuloo Mon, 19 Apr 2010 19:19:38 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-155110 Hey guys, those having problems in form of a redirect did not take place, did you do a /etc/init.d/apache2 force-reload ? Actually that should only be necessary if you write it into the httpd.conf or a virtual-host-description file. when using .htaccess it should work right away... worked fine for me best regards Hey guys,

those having problems in form of a redirect did not take place,
did you do a
/etc/init.d/apache2 force-reload
?
Actually that should only be necessary if you write it into the httpd.conf or a virtual-host-description file. when using .htaccess it should work right away…

worked fine for me

best regards

]]> By: buffehttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-155103 buffe Mon, 19 Apr 2010 11:50:22 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-155103 hi, I want to redirect <code>http://myserver.com/my_app/login.htm</code> to <code>https://myserver.com/my_app/login.htm</code> (only the login page) I tried various combination but it didn't redirect. It will be a great help if some one can help. hi,
I want to redirect
http://myserver.com/my_app/login.htm to
https://myserver.com/my_app/login.htm
(only the login page) I tried various combination but it didn’t redirect. It will be a great help if some one can help.

]]> By: Batohttp://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-154529 Bato Thu, 25 Mar 2010 18:56:29 +0000 http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html#comment-154529 Thanks man... This one works PERFECTLY! cheers :-D Thanks man…
This one works PERFECTLY!

cheers :-D

]]>