Re: Rewrite Rules, SSL, and .htaccess

From: Jeff Bollinger (jeff01_at_email.unc.edu)
Date: 03/25/04

  • Next message: Wallwork, Nathan: "Re: Rewrite Rules, SSL, and .htaccess"
    Date: Thu, 25 Mar 2004 16:30:19 -0500
    To: focus-linux@securityfocus.com
    
    

    > Subject:
    > Rewrite Rules, SSL, and .htaccess
    > From:
    > "davec" <davec@webpipe.net>
    > Date:
    > Wed, 24 Mar 2004 23:47:15 -0700
    > To:
    > focus-linux@securityfocus.com
    >
    > To:
    > focus-linux@securityfocus.com
    >
    > Hi,
    > I have a .htaccess file protecting a certain directory on my site. When
    > I tried using the following Apache redirect, I was prompted for my
    > password once on the http version, and once on the https version:
    > <VirtualHost 192.168.3.7:80>
    > Redirect / https://www.mydomain.com/
    > </VirtualHost>
    > The point of using SSL on the password protected directory is to protect
    > the password from being passed in clear text. I think that a RewriteRule
    > would probably do the trick, but after reading the apache documentation
    > (version 2.0.40) I have still not been able to set one up that works
    > properly for the various ways of accessing the site such as
    > http://www.mydomain.com/dir or www.mydomain.com/dir or mydomain.com/dir
    > or http://www.mydomain.com/dir/index.html etc.
    > Any suggestions?
    > Thanks,
    > Dave

    How about just trying this:

    <VirtualHost 192.168.3.7:80>
    RedirectMatch permanent .* https://www.mydomain.com$1
    </VirtualHost>

    -- 
    Jeff Bollinger, CISSP
    University of North Carolina
    IT Security Analyst
    105 Abernethy Hall
    mailto: jeff @unc dot edu
    

  • Next message: Wallwork, Nathan: "Re: Rewrite Rules, SSL, and .htaccess"