Need Help with Network solutions force ssl - Apache Web Server forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Need Help with Network solutions force ssl

mennouth

9:50 pm on Mar 15, 2010 (gmt 0)

10+ Year Member

ok, i am working on a page hosted by network solutions and I have tried just about everything every thing.
I found out through the ssl forum that they do ssl through a proxy, so the simple redirect of

#RewriteEngine On
#RewriteCond %{SERVER_PORT} !443
#RewriteRule (.*) [example.com...] [R]

causes a loop, if the following is true.
the page you are redirecting to is in the same folder as the .htaccess file, so if it is placed in the root the browser just continuously reloads the page.

I am prety sure that the issue is that because of the way NS does SSL the server is not realizing that it has switched to ssl and there fore applies the rule continually redirecting the site to itself over and over again.
i found one place saying to redirect the pages to [secure.netsolhost.com...] and the redirect works, but with the same condition as above if the redirect is in the root of the web page it loops,
i tried to change it to

RewriteEngine on
RewriteCond %{HTTP_HOST} !^secure.netsolhost.com
RewriteRule (.*) [secure.netsolhost.com...]

with not success, I have even tried to put the php code redirects in the index.php files and it loops

Im at my wits end, does anyone have any help they can give me?

jdMorgan

3:31 pm on Mar 16, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

This is --to use a highly-technical term-- "very weird."

For the purpose of enlightening both yourself and us, please use the "Live HTTP Headers" add-on for Firefox and Mozilla-based browsers (or a similar tool or add-on), and look at (and tell us) the sequence of requested protocol+hostname+URL-paths that you see when you get into this loop.

Please omit all the other header info -- all we need to know is the complete requested URL (protocol+hostname+URL-path) and the complete redirected-to URL(s), and only for one or two iterations of the loop -- until the loop "settles down" and the destination URL(s) is/are always the same.

BTW, "[R][L]" is invalid syntax. You likely want "[R=301,L]" for a redirect.

Jim

mennouth

5:38 pm on Mar 16, 2010 (gmt 0)

10+ Year Member

Ok here are the first two iterations
and its probably more info than you wanted

----------------------------------------------------------
http://example.com/testssl/phpinfo.php

GET /testssl/phpinfo.php HTTP/1.1
Host: example.com

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET, PHP/5.2.6
Location: [example.com...]
----------------------------------------------------------
[example.com...]

GET /testssl/phpinfo.php HTTP/1.1
Host: example.com

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET, PHP/5.2.6
Location: [example.com...]
----------------------------------------------------------
[example.com...]

GET /testssl/phpinfo.php HTTP/1.1
Host: example.com

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET, PHP/5.2.6
Location: [example.com...]
----------------------------------------------------------

[edited by: jdMorgan at 8:26 pm (utc) on Mar 16, 2010]
[edit reason] Trimmed as requested, domain name replaced as required. [/edit]

mennouth

5:42 pm on Mar 16, 2010 (gmt 0)

10+ Year Member

That was the header log with the following at the top of the phpinfo file.

//<?

//Redirect to https if accessed over http (except when running locally) if ($_SERVER['SERVER_NAME'] != "localhost")
//{
//$port = $_SERVER["SERVER_PORT"];
//$ssl_port = "443"; //Change 443 to whatever port you use for https (443 is the default and will work in most cases)
//if ($port != $ssl_port)
//{
//$host = $_SERVER["HTTP_HOST"];
//$uri = $_SERVER["REQUEST_URI"];
//header("Location: [$host$uri");...]
// }
//}

// SSL check - $http_host returns <live site url>:<port number if it is 443>
//$http_host = explode(':', $_SERVER['HTTP_HOST'] );
//if( (!empty( $_SERVER['HTTPS'] ) && strtolower( $_SERVER['HTTPS'] ) != 'off' || isset( $http_host[1] ) && $http_host[1] == 443) && substr( $mosConfig_live_site, 0, 8 ) != 'https://' ) {
//$mosConfig_live_site = 'https://'.substr( $mosConfig_live_site, 7 );
//}
//?>
it is commented now I know, checking with the htaccess file.

mennouth

5:48 pm on Mar 16, 2010 (gmt 0)

10+ Year Member

#Options +FollowSymLinks -MultiViews
RewriteEngine on
# and if requested hostname is NOT "www.example.com"
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !secure.netsolhost.com
RewriteRule (.*) [secure.netsolhost.com...]

there is my .htaccess file the first line causes issues in rendering the production pages.

and here is the header log
----------------------------------------------------------
[example.com...] :

GET /testssl/phpinfo.php HTTP/1.1
Host: example.com

HTTP/1.1 302 Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: [secure.netsolhost.com...]
----------------------------------------------------------
[secure.netsolhost.com...]

GET /example.com/testssl/phpinfo.php%5bL%5d HTTP/1.1
Host: secure.netsolhost.com

HTTP/1.1 302 Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: [secure.netsolhost.com...]
----------------------------------------------------------

[edited by: jdMorgan at 8:27 pm (utc) on Mar 16, 2010]
[edit reason] Trimmed as requested, domain name removed as required. [/edit]

jdMorgan

8:22 pm on Mar 16, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

In both cases, the problem appears to be in the text that I bolded when editing your posts to comply with my request and the WebmasterWorld Terms of Service.

The answers posted above are intended for use on Apache servers; Use with ISAPI Rewrite (or other mod-Rewrite-like add-ons) on IIS will require modification beyond the scope of this forum. Syntax and variable names may be expected to be different.

I'm not sure if it will help, but the proper Apache mod_rewrite syntax for your two rules would be:


RewriteEngine on
#
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(.*)$ https://www.example.com/require-secure/$1 [R=301,L]

-and-

RewriteEngine on
#
RewriteCond %{HTTP_HOST} !^secure\.netsolhost\.com
RewriteRule ^ https://secure.netsolhost.com/mydomain.com/testssl/phpinfo.php [R=301,L]

Jim

mennouth

8:36 pm on Mar 16, 2010 (gmt 0)

10+ Year Member

I was surprised by the IIS 6.0 listing as well based on the documentation and based on what I have been told by the tech department, the server runs Apache 2.1 and mod rewrite is installed and enabled.

mennouth

8:39 pm on Mar 16, 2010 (gmt 0)

10+ Year Member

/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/opt/bin:/var/hivedb/:/usr/services/vux/apache/bin:/usr/services/vux/mysql/bin

that is from the phpinfo.php file you can access it at

<snip>

I am not sure why the header pulls up an iis V6 listing but the server is apache.

[edited by: jdMorgan at 9:10 pm (utc) on Mar 16, 2010]
[edit reason] Please do not violate our Terms of Service (See link below). [/edit]

russell55

4:51 am on Apr 27, 2010 (gmt 0)

10+ Year Member

The reason you get into a redirect loop is this:

1 - You send an http request to your domain.
2 - You check if https is on.
3 - If https is not on, you redirect to [secure.netsolhost.com......]
4 - you arrive at your script again, expecting to have https on this time... BUT

https:secure.netsolhost.com is a proxy server which forwards the ssl request to your domain UNENCRYPTED using FCGI.

So, your script or httpd rewrite rules will never do what you intend.

That also mangles up the $_POST and $_GET superglobals whe going through their shared ssl server.

I'm working on a workaround for that as we speak. :-)

Cheers,
Don Russell

According to nelsol tech sup, you need to buy an SSL cert if you don't like that exposure. :-(