Apache2 not redirecting to https - amazon-web-services

I have an ec2 instance with my website files properly installed using apache2 as the web server. The ec2 is configured to receive http traffic on port 80 only from the elb (pretty sure about this but not 100%). The elb has an https listener (port 443) and an http listener (port 80). The elb sends traffic to the ec2 instance after decrypting the data according to the aws docs. My issue is that I cannot figure out how to redirect all traffic to the load balancer that is http to https.
I tried using this rewrite rule in both the virtual host for the site and the apache2.conf, but it isn't having any kind of effect (no errors either).
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
The entire virtual host looks like this (located in /etc/apache2/sites-available/SewaneeEats.conf):
ServerName classicloadbalancer-1929710381.us-east-1.elb.amazonaws.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/SewaneeEats/public
<Directory /var/www/html/SewaneeEats>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
I can confirm also that module rewrite is enabled.
So when I type in the url sewaneeeats.com (these links are live if you need to check them out), it will still be sewaneeeats.com (with no ssl whatsoever) rather than redirecting. I know the ssl is working on https://www.sewaneeeats.com. On https://sewaneeeats.com I get a broken ssl red symbol in the url bar on chrome. I think the reason it is broken on the https://sewaneeeats.com url is because the cert is registered for www subdomain, but I am not sure. The domain is configured using aws's route 53 console, so I can give info on that if it would be helpful.
Any help would be really appreciated because I have been trying to figure this out for about 12 hours or so. Would have posted this on serverfault.com, but I couldn't because I can only have 2 links for a question when I am under 10 rep.

I usually use the following rule to redirect all traffic to https:
RewriteCond %{HTTPS} =off
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
Also, no need to place the rewrite rules between directives if you want to apply the rules globally for the vhost.
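
Added example (not code from the question or the answer): a small Python model of the setup described in the question, where the load balancer terminates TLS and forwards everything to Apache as plain HTTP. It follows the redirects that each of the two RewriteCond styles on this page would issue, so the difference between testing %{HTTPS} and testing the X-Forwarded-Proto header is visible. The host name, the function names and the simplified exact-match conditions are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

def elb_forward(url):
    """Request environment the backend sees for a client URL (constructed model)."""
    parts = urlsplit(url)
    return {
        "HTTPS": "off",                     # backend leg is always plain HTTP
        "X-Forwarded-Proto": parts.scheme,  # header set by the load balancer
        "host": parts.hostname,
        "path": parts.path or "/",
    }

def rule_https_var(env):
    """Models: RewriteCond %{HTTPS} =off"""
    if env["HTTPS"] == "off":
        return "https://" + env["host"] + env["path"]
    return None

def rule_forwarded_proto(env):
    """Models: RewriteCond %{HTTP:X-Forwarded-Proto} !https"""
    if env["X-Forwarded-Proto"] != "https":
        return "https://" + env["host"] + env["path"]
    return None

def follow(url, rule, max_hops=5):
    """Follow redirects issued by `rule`; return (final_url, hops, looped)."""
    hops = 0
    while hops < max_hops:
        target = rule(elb_forward(url))
        if target is None:
            return url, hops, False          # request is served, no redirect
        if target == url:
            return url, hops + 1, True       # redirected to itself: loop
        url, hops = target, hops + 1
    return url, hops, True

if __name__ == "__main__":
    start = "http://www.example.com/menu"    # constructed sample URL
    print(follow(start, rule_forwarded_proto))
    print(follow(start, rule_https_var))
```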

Related

301 Redirect domain without www works, but with www does not

Currently I'm working on a request to both redirect the domain A to domain B and redirect a specific page within the domain A to domain B. Here's the expectation in pseudocode:
foo.com =====> https://www.bar.com
foo.com/foo =====> https://www.bar.com/bar
and:
www.foo.com =====> https://www.bar.com
www.foo.com/foo =====> https://www.bar.com/bar
However, only the non-www redirects are working as expected and the www redirects are not functioning at all. Essentially, the first set of redirects above are working and the second set are not.
Here's my Vhost file:
<VirtualHost *:80>
ServerName foo.com
ServerAlias www.foo.com
ErrorLog /etc/httpd/logs/foo.com-error.log
Include /etc/httpd/conf.d/rewrite_rules/foo.com.rewrite
</VirtualHost>
My rewrite rule:
RewriteEngine On
RewriteRule ^/foo$ https://www.bar.com/bar [R=301,L,NC]
RewriteRule (.*) https://www.bar.com [R=301,L,NC]
What's strange is when I test with curl on a test server, it seems as though the URL is being redirected:
301 http://www.foo.com/ https://www.bar.com
I get the feeling I'm missing something in my rewrite rule. Can anyone advise on the problem? Thanks in advance for your help.
Figured out the answer to this issue. As it turns out, the rules in place are all functional and work as intended; however, the SSL certificate on the server was causing a mismatch error.
This mismatch in SSL certificates stopped the redirect functionality. After uploading the necessary certs, everything was working as expected. Hope this answer helps someone in need in the future. Thanks.

Rewrite virtual servers directory into a top level domain

I would like to rewrite directories of my RootDocument into their own addresses.
For example, I would like to be able to visit: http://localhost/FOO and be redirected to http://FOO.dev. Please note that the URL domain is static as all subdirectory domains will have the same top-level domain. I need to create a redirect within this chunk of code:
<VirtualHost *:80>
ServerName 127.0.0.1
ServerAlias localhost
DocumentRoot /usr/local/var/www
<Location />
Options All
AllowOverride All
Require all granted
</Location>
<LocationMatch ^/[^.].+/$>
RewriteEngine on
/*
I NEED A REWRITE HERE WHEN I REACH THE DIRECTORY LOCATION
AS LOCATION IS ALREADY MATCHED, I'M NOT SURE HOW TO EXTRACT IT
*/
</LocationMatch>
<LocationMatch ^/[.].+/$>
Options none
AllowOverride none
Require all denied
</LocationMatch>
</VirtualHost>
Since I have already figured out how to get into directories I need to be at, how would I use my logic to extract and redirect me into correct place?
You need a two-step-approach for this, since you have to handle two separate requests in the scenario you want to set up:
This is the rule to redirect clients to the new host name:
RewriteEngine on
RewriteRule ^/?(\w+)(/?.*)$ http://$1.dev$2 [R=301]
This is the rule inside that host to remap the request onto the internal folder in the file system again:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(\w+)\.dev$
RewriteCond /%1 -d
RewriteRule ^/?(.*)$ /%1/$1 [END]
Obviously the rewriting needs to be loaded and enabled for this.
In case you receive back an http status 500 ("internal server error") for the first request (the one to be redirected), chances are that you are using a very old version of the apache http server. In that case try replacing the [END] flag with the [L] flag...
The above rules will work likewise in the http server's host configuration or in dynamic configuration files. However you should always prefer to place such rules inside the http server's (virtual) host configuration instead of using dynamic configuration files (.htaccess style files). Those files are notoriously error prone, hard to debug and they really slow down the server. They are only supported as a last option for situations where you do not have control over the host configuration (read: really cheap hosting service providers) or if you have an application that relies on writing its own rewrite rules (which is an obvious security nightmare).

Redirect https://*.example.com to https://example.com

Request:
My certificate does not allow for wildcards and only applies to https://example.com.
I want to redirect all traffic from: http(s)://*.example.com --> https://example.com.
Problem:
This works fine going from http://*.example.com/* to https://example.com/*
I get the error NET::ERR_CERT_COMMON_NAME_INVALID when going from:
https://*.example.com/* to https://example.com.
What I have tried so far...
This is my default.conf configuration file for the virtual host:
<VirtualHost *:80>
NameVirtualHost *:80
ServerName example.com
ServerAlias *.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
NameVirtualHost *:443
ServerName example.com
ServerAlias *.example.com
Redirect permanent "(?i)https:\/\/\d*[a-z0-9]*.example.com" "https://example.com"
I have tried several variations of the last Redirect line above, as suggested in several related questions. I can only post two at this time since I'm new here:
https://stackoverflow.com/questions/30781718/redirect-http-https-www-to-https-domain-com-using-htaccess
How to redirect https://www.example.com to https://example.com
I'm guessing that this is not working because the server returns a certificate error before processing the Redirect code. One of the questions I linked to above hints at that, but it was not accepted as an answer and no one really confirms or denies it.
My Question (finally!):
Is it possible to do this without having a wildcard certificate? If so, what's wrong with my Redirect code above? As far as I can tell, the regex is working for a case-insensitive redirect from https://*.example.com to https://example.com.
Is it possible to do this without having a wildcard certificate?
No. The reason why is because you have a cert that says the only hostname that is valid is example.com, and the first thing that happens is a connection to the webserver is made and the SSL handshake is established. This handshake happens before any HTTP communication takes place. That means, during the handshake, the browser is given the certificate, which says "you should only be talking to example.com" and the browser sees that it just attempted to connect to "www.example.com", and the browser stops right there and returns the exception that you see. This exception doesn't originate from the server, it's the browser saying something's not right.
Since all of this happens before any HTTP communication is even made (since it has to be encrypted, and you can't encrypt until the handshake is established), there is nothing you can do as far as mod_rewrite or redirecting from apache, because Apache hasn't even received the request yet.
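
Added example (not part of the original answer): a Python sketch of the order of events the answer describes, with the certificate name check done before any redirect can be delivered. The name matching follows the usual left-most-label wildcard rule for DNS names in certificates; partial wildcards are not handled, and the function names and the sample certificate name lists are constructed for the illustration.

```python
from urllib.parse import urlsplit

def hostname_matches(pattern, hostname):
    """Match one certificate DNS name against the host the browser asked for."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False                      # "*" never spans more than one label
    if p_labels[1:] != h_labels[1:]:
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3         # reject overly broad names like "*.com"
    return p_labels[0] == h_labels[0]

def browser_fetch(url, cert_names, redirect_to):
    """Model of one browser request: TLS name check first, HTTP redirect second."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        if not any(hostname_matches(n, parts.hostname) for n in cert_names):
            # The handshake is rejected by the browser; no HTTP request is
            # sent, so the server never gets to answer with its Redirect.
            return "NET::ERR_CERT_COMMON_NAME_INVALID"
    return "301 -> " + redirect_to

if __name__ == "__main__":
    single = ["example.com"]                      # certificate from the question
    wildcard = ["example.com", "*.example.com"]   # constructed alternative
    target = "https://example.com/"
    for url in ("http://www.example.com/", "https://www.example.com/"):
        print(url, "|", browser_fetch(url, single, target),
              "|", browser_fetch(url, wildcard, target))
```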
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1%{REQUEST_URI} [R=301,QSA,NC,L]
Add the above code to your .htaccess file.
Your URL will be redirected like:
https://www.example.com/test to -> https://example.com/test

Struggle with mod_rewrite

I am struggling with mod_rewrite htaccess for at least a couple of days, and still cannot figure this out.
I want to force HTTPS SSL on my site, but only from outside of the network.
I have something like this:
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.30
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.mysite.com/$1 [R,L]
My local IP is 192.168.1.30 and it keeps correcting my address to https://www.mysite.com.
In one condition it allows me to connect locally to my server. When I type https://192.168.1.10 (my local server address). But it keeps throwing me SSL caution which cannot be kept this way.
When I type http://192.168.1.10 it redirects me to https://www.mysite.com
How to make it leave my ip alone from all the redirects?
For my logic, it should not redirect me no matter what if my REMOTE_ADDR is 192.168.1.30.
Can you try this rule:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^(192\.168\.|127\.0\.0\.1)
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
I do not think you need Rewrite rules at all. Since HTTP listens on port 80 and HTTPS on port 443, you can have three different VirtualHosts.
First one to listen on port 80 and binds to your private ip address.
Second to listen on port 80 but all it does is a 301 redirect to the https url.
The last one to listen on port 443 (the HTTPS).
However, you may have to move this logic from htaccess file to your .conf file.
Since apache starts finding the matching VirtualHost in the order they are defined in the .conf file (http.conf or apache.conf as the case may be), the ordering is very important.

Invalid OpenID Namespace u'http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0'

I'm using django-socialregistration on Apache. I started getting this error message.
Invalid OpenID Namespace u'http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0'
It starts with a rewrite rule in my Apache configuration file.
<VirtualHost *:80>
ServerName foobar.org
ServerAlias foobar.net
RewriteEngine On
RewriteRule ^(.*)$ https://foobar.org$1 [R=301,L]
</VirtualHost>
So any request that comes in to foobar.net or doesn't come over https gets redirected to https://foobar.org. When Apache does this redirect, by default, it escapes the url. See http://httpd.apache.org/docs/current/rewrite/flags.html#flag_ne
So one solution is to just do this:
RewriteRule ^(.*)$ https://foobar.org$1 [R=301,L,NE]
But why is the redirect happening in the first place? In my case, it's because django-socialregistration checks a setting to determine whether or not to use ssl in the OpenID workflow. I watched my runserver and saw something like
GET /openid/redirect/?openid_provider=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&next=%2Faccounts%2Fnext%2F%3Fnext%3Dundefined
I curl -v <that_url>, and saw that the Location header (that is, the redirect url) contained something like this:
...openid.return_to=http%3A%2F%2Ffoobar.org%2Fopeni...
Notice that it isn't using https. I dug through django-socialregistration and saw that I need this in settings.py:
SOCIALREGISTRATION_USE_HTTPS = True
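
Added example (not code from the original post or from django-socialregistration): a Python sketch of why the namespace in the error message still contains %3A and %2F. It assumes, as the post describes, that the redirect without [NE] escapes the already-encoded query string a second time, and models that by percent-encoding it once more; the function names and the sample query are constructed for the illustration.

```python
from urllib.parse import parse_qs, quote, urlencode

OPENID_NS = "http://specs.openid.net/auth/2.0"

def provider_response_query():
    """Query string of a constructed OpenID return request, encoded once."""
    return urlencode({"openid.ns": OPENID_NS, "openid.mode": "id_res"})

def redirect_query(query, noescape):
    """Query string that ends up in the Location header of the 301.

    Assumption: without [NE] the string is escaped again, so every '%'
    of the first encoding becomes '%25'. With [NE] it passes through.
    """
    return query if noescape else quote(query, safe="=&")

def namespace_seen_by_app(query):
    """Value the application reads after the normal single decode."""
    return parse_qs(query)["openid.ns"][0]

def check(noescape):
    """Return (namespace as received, whether it is the valid namespace)."""
    ns = namespace_seen_by_app(redirect_query(provider_response_query(), noescape))
    return ns, ns == OPENID_NS

if __name__ == "__main__":
    print("without NE:", check(noescape=False))
    print("with NE:   ", check(noescape=True))
```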