Best unofficial Apache Server developers community
Username
Forgot password?
Sign in with Twitter account
Sign in with Facebook account
List archives
Videos
Answers

users@httpd] mod_rewrite/mod_ssl questions

users@httpd] server configuration for 5000 hits per second
(30 lines)		 Re: [users@httpd] SSL protocol limits ignored?
(37 lines)
May 21, 2010
Beto Limoun
Beto Limoun
 
Hello group,

I am working on the mod_ssl configuration on a website and trying to
achieve following:
When a user accesses a page posting sensitive data to the server, the page
should be accessed in httpS mode. What I am doing to achieve this is that I
have a set of rewrite rules that will match the URI and invoke the httpS
page. [1]
This seems to be working fine.
The problem I am facing is that when in httpS mode I select a page that is
supposed to be accessed in http mode, apache still calls it in httpS mode.
I have added some rewrite rules to prevent this [2], but they somehow get
ignored. 

Example:
Being in httpS://localhost/myapp/user/register
I click on the linked  home page logo image and expect to be resent to
http://localhost/myapp/ but land instead in httpS://localhost/myapp/

I would appreciate if you can suggest a more elegant solution from your
own experience of a fix to my config below.

Many thanks in anticipation.

Beto

#
# 
#
RewriteLog "/private/var/log/apache2/rewrite.log"
RewriteLogLevel 9

Options +FollowSymlinks
RewriteEngine on

#[1] all /user, /subscription and /login pages should be served in https
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.+)$ - [env=ps:https]
RewriteRule ^.*/user(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^.*/subscription(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI}
[R,L]
RewriteRule ^.*/login(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]

#[2] For all other pages, if in https mode, serve the page in http mode.
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(user.*|login.*|subscription.*)
RewriteRule ^(.+)$ - [env=ps:http]
RewriteRule ^(.+)$ %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Reply
Tags: accessesachieve
Messages in this thread
users@httpd] mod_rewrite/mod_ssl questions
reply Re: [users@httpd] mod_rewrite/mod_ssl questions
(77 lines) May 21, 2010 22:07
reply Re: mod_rewrite/mod_ssl questions
(101 lines) May 28, 2010 16:31
Similar Threads
users@httpd] mod_rewrite problem IP address coming in URL instead of domain name.
The configuration is like this

Code:
                               |--------------192.168.1.1
                               |            (site1.abc.com)
                               |
                               |--------------192.168.1.2
                               |            (site2.abc.com)
                               |
                               |
                               |
                               |
                               |--------------192.168.1.3
                               |            (site3.abc.com)
                               |
                               |
                               |
                               |
                               |--------------192.168.1.4
                               |            (site4.abc.com)
 (Public IP )              |
           A----------------- |
(reverse proxy server)|
 (192.168.1.25)         |
                               |--------------192.168.1.5
                               |            (site5.abc.com)

I am now talking about site5.abc.com
here is my virtualhost file
http://educommons.com/dev/browser/edu...nf.example.redhat
line 15 is specially noticeable.

  RewriteRule ^/(.*)
http://127.0.0.1:8080/VirtualHostBase...irtualHostRoot/ ^/(.*)

[P,L]





As far as I understand the above rule will match any URL  and replace  it
with
http://127.0.0.1:8080/VirtualHostBase/http/<Your Server
Name>:80/eduCommons/VirtualHostRoot/$1

What is happening is when I use at server A in above diagram
following for site5.abc.com (where site5 is where I hosted)

ProxyPass              /    192.168.1.5:8080/eduCommons
ProxyPassReverse  /    192.168.1.5:8080/eduCommons

any request for site5.abc.com gets replaced by 192.168.1.5:8080/eduCommons
at server A and then gets to 192.168.1.5 which is where it is hosted.

Here is the problem URL when I logged out or log in it is similar

http://192.168.1.5:8080/eduCommons/ac...coursebuilderform



So a part of it can be because I am using ProxyPass at Server A.
Should I change the vhost settings at Server A or
internal machine where
site5.abc.com is hosted.
Right now all the settings you see are on httpd.conf of internal
machine and not at A
do I need to do some thing on server A in above diagram.
svn commit: r947561 - in /httpd/httpd/trunk/docs/manual/mod: mod_ssl.html.en mod_ssl.xml
Author: jorton
Date: Mon May 24 08:33:02 2010
New Revision: 947561

URL: http://svn.apache.org/viewvc?rev=947561&view=rev
Log:
- wording tweaks for PeerExtList()

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
URL:
http://svn.apache.org/viewvc/httpd/ht...561&view=diff
svn commit: r951194 - in /httpd/httpd/trunk/modules/ssl: mod_ssl.c ssl_engine_init.c ssl_engine_io.c
Author: sf
Date: Thu Jun  3 22:57:00 2010
New Revision: 951194

URL: http://svn.apache.org/viewvc?rev=951194&view=rev
Log:
Introduce SSLLOG_MARK for use with ssl_log_ssl_error(). This will allow to
redefine APLOG_MARK later.

Modified:
    httpd/httpd/trunk/modules/ssl/mod_ssl.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h
    httpd/httpd/trunk/modules/ssl/ssl_util.c
    httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL:
http://svn.apache.org/viewvc/httpd/ht...194&view=diff
svn commit: r951933 - /httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
Author: sf
Date: Sun Jun  6 19:31:42 2010
New Revision: 951933

URL: http://svn.apache.org/viewvc?rev=951933&view=rev
Log:
Fix typo.

Submitted by: Matt Selsky <selsky columbia edu>

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL:
http://svn.apache.org/viewvc/httpd/ht...933&view=diff
svn commit: r951934 - /httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml
Author: sf
Date: Sun Jun  6 19:33:02 2010
New Revision: 951934

URL: http://svn.apache.org/viewvc?rev=951934&view=rev
Log:
Fix typo.

PR: 49357
Submitted by: Matt Selsky <selsky columbia edu>

Modified:
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml
URL:
http://svn.apache.org/viewvc/httpd/ht...934&view=diff
svn commit: r951904 - in /httpd/httpd/trunk: docs/manual/ssl/ssl_howto.xml modules/ssl/mod_ssl.c mod
Author: sf
Date: Sun Jun  6 17:10:23 2010
New Revision: 951904

URL: http://svn.apache.org/viewvc?rev=951904&view=rev
Log:
Replace LogLevelDebugDump with TRACE log levels

Modified:
    httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml
    httpd/httpd/trunk/modules/ssl/mod_ssl.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h

Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml
URL:
http://svn.apache.org/viewvc/httpd/ht...904&view=diff
svn commit: r964741 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS docs/manual/mod/mod_rewrite.htm
Author: rjung
Date: Fri Jul 16 10:36:21 2010
New Revision: 964741

URL: http://svn.apache.org/viewvc?rev=964741&view=rev
Log:
Merge r960233 from trunk:

mod_rewrite: Allow to set environment variables without
explicitely giving a value.

Before this patch using [ENV=VAR] instead of [ENV=VAR:VAL]
silently drops the flag (it is added to the list of vars to set,
but then never actually set).

Submitted by: rjung
Reviewed by: rjung, niq, rpluem

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_rewrite.html.en
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_rewrite.xml
    httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL:
http://svn.apache.org/viewvc/httpd/ht...741&view=diff
svn commit: r953785 - /httpd/httpd/trunk/modules/mappers/mod_rewrite.c
Author: covener
Date: Fri Jun 11 17:39:17 2010
New Revision: 953785

URL: http://svn.apache.org/viewvc?rev=953785&view=rev
Log:
mod_rewrite.c:447: warning: format not a string literal and no format
arguments


Modified:
    httpd/httpd/trunk/modules/mappers/mod_rewrite.c

Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
URL:
http://svn.apache.org/viewvc/httpd/ht...785&view=diff
svn commit: r960236 - in /httpd/httpd/trunk: CHANGES modules/mappers/mod_rewrite.c
Author: rjung
Date: Sat Jul  3 17:01:23 2010
New Revision: 960236

URL: http://svn.apache.org/viewvc?rev=960236&view=rev
Log:
Remove superfluous EOL from mod_rewrite logging.

It's no longer needed, since mod_rewrite now uses
our usual error log. The superfluous EOL was logged
as '\n'.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/mappers/mod_rewrite.c

Modified: httpd/httpd/trunk/CHANGES
URL:
http://svn.apache.org/viewvc/httpd/ht...236&view=diff
svn commit: r965798 - in /httpd/httpd/branches/2.2.x/docs/manual/mod: mod_rewrite.html.en mod_rewrit
Author: rjung
Date: Tue Jul 20 10:57:39 2010
New Revision: 965798

URL: http://svn.apache.org/viewvc?rev=965798&view=rev
Log:
Fix typo in rewrite docs (slash -> backslash).

Thanks to Denis Howe for the hint.

PR49620.

Modified:
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_rewrite.html.en
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_rewrite.xml

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_rewrite.html.en
URL:
http://svn.apache.org/viewvc/httpd/ht...798&view=diff
svn commit: r965801 - in /httpd/httpd/branches/2.0.x/docs/manual/mod: mod_rewrite.html.en mod_rewrit
Author: rjung
Date: Tue Jul 20 11:02:16 2010
New Revision: 965801

URL: http://svn.apache.org/viewvc?rev=965801&view=rev
Log:
Fix typo in rewrite docs (slash -> backslash).

Thanks to Denis Howe for the hint.

PR49620.
Backport of r965798 from 2.2.x.

Modified:
    httpd/httpd/branches/2.0.x/docs/manual/mod/mod_rewrite.html.en
    httpd/httpd/branches/2.0.x/docs/manual/mod/mod_rewrite.xml

Modified: httpd/httpd/branches/2.0.x/docs/manual/mod/mod_rewrite.html.en
URL:
http://svn.apache.org/viewvc/httpd/ht...801&view=diff
svn commit: r951946 - in /httpd/httpd/trunk/docs/manual/mod: mod_ssl.html.en quickreference.html.en
Author: rbowen
Date: Sun Jun  6 20:07:09 2010
New Revision: 951946

URL: http://svn.apache.org/viewvc?rev=951946&view=rev
Log:
Rebuild recent contributions.

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.en

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
URL:
http://svn.apache.org/viewvc/httpd/ht...946&view=diff
httpd-2.2.3-43 + Mod_ssl + Mod_jk + tomcat-6.0.29
Dear pals,

 

I am trying to integrate apache and tomcat by   configuring web server +
mod_jk + mod_ssl + tomcat. This configuration would allow accessing
deployed
apps at tomcat from web server with https port. I did searched on archive
list and as well as Google it, perhaps couldn't able to find the solution.

 

My configuration works fine if I use http port. But my requirement is to
use
on https.

 

I have tomcat running on 8080, apache on 80, mod_ssl and mod_jk installed
and configured.

 

Kindly help on how to configure to use with https. 

 

Thanks in advance.

 

irfee
httpd-2.2.3-43 + Mod_ssl + Mod_jk + tomcat-6.0.29
Dear pals,

 

I am trying to configure web server + mod_jk + mod_ssl + tomcat. This
configuration would allow accessing deployed apps at tomcat from web
server
with https port. I did searched on archive list and as well as Google it,
perhaps couldn't able to find the solution.

 

My configuration works fine if I use http port. But my requirement is to
use
on https.

 

I have tomcat running on 8080, apache on 80, mod_ssl and mod_jk installed
and configured.

 

Kindly help on how to configure to use with https. 

 

Thanks in advance.

 

irfee
How to enable mod_rewrite on an Apache 2.2 installation? mod_rewrite.so doesn't exist.
Hey All,

I've installed Apache 2.2.14 on our Redhat Enterprise Linux ES 5.0
box. I use it host a couple of websites and it runs great. :)

I now need to add some redirect rules on Apache.
For example, I need to:
1) redirect http://mywebsite.com to http://www.mywebsite.com
2) redirect /about.html to /page/10/
etc

I executed httpd -l and found out that mod_rewrite wasn't enabled.
There is no mod_rewrite.so file on my machine.

Given that, is there an easy way to enable mod-rewrite without having
to build Apache from scratch?
If I had to bulid Apache from scratch, the configuration files
(httpd.conf, httpd-vhosts.conf etc) would be rewritten, right?

Please advise. Thank you very much for your time!

Thanks,
Joe

PS:
Here's the output of "httpd -l" command:
core.c
mod_authn_file.c
mod_authn_default.c
mod_authz_host.c
mod_authz_groupfile.c
mod_authz_user.c
mod_authz_default.c
mod_auth_basic.c
mod_isapi.c
mod_include.c
mod_filter.c
mod_log_config.c
mod_env.c
mod_setenvif.c
mod_version.c
mod_proxy.c
mod_proxy_connect.c
mod_proxy_ftp.c
mod_proxy_http.c
mod_proxy_scgi.c
mod_proxy_ajp.c
mod_proxy_balancer.c
mod_ssl.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_cgi.c
mod_negotiation.c
mod_dir.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c
DO NOT REPLY Crashed on mod_ssl by throwing /usr/sbin/httpd.worker: free(): invalid pointer:
https://issues.apache.org/bugzilla/show_bug.cgi?id=47376

Joe Orton <jor### @redhat.com> changed:

           What    |Removed                     |Added
users@httpd] httpd vhost centralized logging
Hi All,

I have running various web farms and I'm looking for better solution to
forward all vhost logs to the centralized syslog server.  How do you guys
keep vhost logs? I have done googling this kind of setup but there is no
result.

I'm thinking to use logger tool for every httpd services running but it's
not an ideal because it takes more resources in server. Let say there are
50
vhost in a server, then 100 logger apps will be running because 2 logger
per
vhost (ErrorLog & CustomLog).

Thanks.

Regards,
James
svn commit: r960233 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_rewrite.html.en docs/manual
Author: rjung
Date: Sat Jul  3 16:21:58 2010
New Revision: 960233

URL: http://svn.apache.org/viewvc?rev=960233&view=rev
Log:
Allow to set environment variables using mod_rewrite without
explicitely giving a value.

Most modules only check presence of a variable, not the
value, so it makes sense to make the VAL argument in
the mod_rewrite ENV flag optional.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/docs/manual/mod/mod_rewrite.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml
    httpd/httpd/trunk/docs/manual/rewrite/flags.html.en
    httpd/httpd/trunk/docs/manual/rewrite/flags.xml
    httpd/httpd/trunk/modules/mappers/mod_rewrite.c

Modified: httpd/httpd/trunk/CHANGES
URL:
http://svn.apache.org/viewvc/httpd/ht...233&view=diff
svn commit: r951903 - in /httpd/httpd/trunk: docs/manual/mod/mod_rewrite.xml docs/manual/rewrite/int
Author: sf
Date: Sun Jun  6 17:09:43 2010
New Revision: 951903

URL: http://svn.apache.org/viewvc?rev=951903&view=rev
Log:
Replace RewriteLog/RewriteLogLevel with trace log levels

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml
    httpd/httpd/trunk/docs/manual/rewrite/intro.xml
    httpd/httpd/trunk/modules/mappers/mod_rewrite.c

Modified: httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml
URL:
http://svn.apache.org/viewvc/httpd/ht...903&view=diff