Forum Moderators: phranque
I'm trying to force requests to a particular directory over HTTPS but want to make sure if they leave that directory, they are forced back over HTTP. I've searched through the forum and thought I found the answer many times but I can only get things working half way (HTTP to HTTPS).
I have everything in the httpd.conf file and I currently have the following (I've tried to include only the pertinent parts so let me know if there is anything else you would like to see from my conf file):
...
ServerName www.mydomain.com
UseCanonicalName Off
...
Listen W.X.Y.Z:80
Listen W.X.Y.Z:443
...
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerName www.mydomain.com
ServerAlias *.mydomain.*
DocumentRoot "/usr/IHSContent/mydomain"
DirectoryIndex index.htm
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE¦TRACK¦DELETE¦OPTIONS¦CONNECT¦PUT) [NC]
RewriteRule .* - [F]
RewriteCond %{REQUEST_URI} ^.*/forms/ [NC]
RewriteRule ^(.*)$ [mydomain.com$1...] [R=301,L]
</VirtualHost>
<VirtualHost *:80>
ServerName www.mysubdomain.com
ServerAlias *.mysubdomain.*
DirectoryIndex index.htm
DocumentRoot /usr/IHSContent/mydomain/mysubdomain
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE¦TRACK¦DELETE¦OPTIONS¦CONNECT¦PUT) [NC]
RewriteRule .* - [F]
</VirtualHost>
<VirtualHost *:443>
ServerName www.mydomain.com
DocumentRoot /usr/IHSContent/mydomain
SSLEnable
SSLV3Timeout 1000
SSLCipherSpec 34
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE¦TRACK¦DELETE¦OPTIONS¦CONNECT¦PUT) [NC]
RewriteRule .* - [F]
RewriteCond %{REQUEST_URI} !^.*/forms/ [NC]
RewriteRule ^(.*)$ [mydomain.com$1...] [R=301,L]
</VirtualHost>
So again...what I want to happen is if someone requests a page that resides in a "forms" directory...no matter how deep it is in the path...I want that request to be redirected over HTTPS. If the person navigates away from that directory, I want them to be redirected over HTTP.
I have the HTTP to HTTPS working great. But when I try the HTTPS to HTTP code, all requests for pages over HTTPS fail with a "Page Cannot be Displayed" error.
On a side note...is this the best method to use for this functionality? Should I be trying the "redirect" directive?
Thanks,
Jim
"Page Cannot be Displayed" -- Is this an IE error message? If so, you might want to dig into the Internet Options dialog and disable "Show friendly HTTP error messages" option. IE's "friendly" messages could also be termed "uninformative"...
Also take a look at the server error log, as it may contain information that will be quite useful.
Be sure to restart the server and completely flush (delete) your browser cache after changing any server-side code in order to avoid seeing stale browser-cached pages and server responses.
Jim
I did try clearing my cache and closing my browser but still could not get the content to display over SSL when viewing content in the /forms/ directory or redirect me back to HTTP if I wasn't in the /forms/ directory. As a matter of fact, when I typed this URL --> [mydomain.com,...] it just displayed the IE error and left the URL as is. So it must be something related to either my configuration of the virtualhost container for 443 (which works fine when I comment out the rewrite stuff) or a problem with my rewritecond or rewriterule (which is the exact opposite of what I have in the port 80 container).
The funny thing is...I have this working fine on another server with only slight configuration differences. The server it's working on is in a network layer that isn't open to the public. The server it's not working on is in the public network...so then I start thinking that maybe it's a BigIP firewall problem. Would persistence have anything to do with this not working?
Sorry...at a bit of a loss and not sure what to try next.
"Page Cannot be Displayed" -- Is this an IE error message? If so, you might want to dig into the Internet Options dialog and disable "Show friendly HTTP error messages" option. IE's "friendly" messages could also be termed "uninformative"...Also take a look at the server error log, as it may contain information that will be quite useful.
Jim
