1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 4:49 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Again HTTPS to HTTP config

         

rams98

4:49 pm on Nov 22, 2010 (gmt 0)

10+ Year Member



Hi All,

Actually I was very basic in Apache Configuration. I have seen lot of threads already discussed here about this topic. But still i couldn't make it work. I don't know how to resolve the issue.

My Current Situation:
I have running website which was developed in Java and running in Tomcat and Apache in front.

What I have done:
I have added virtualhost for my 443 port in httpd.conf and rewrite rules in rewrite.conf

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache shm:/usr/local/apache2/logs/ssl_cache_shm
SSLSessionCacheTimeout 600

NameVirtualHost www.mysite.com:443

<VirtualHost www.mysite.com:443>
JkMountCopy On

ServerName www.mysite.com
DocumentRoot "C:/project/"
SSLEngine on
SSLOptions +StrictRequire


SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM


SSLCertificateFile "D:/apache2.2/conf/extra/ssl/www.mysite.com.crt"
SSLCertificateKeyFile "D:/apache2.2/conf/extra/ssl/www.mysite.com.key"

SSLVerifyClient none
SSLProxyEngine off

<IfModule mime.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>
# other SSL stuff

Alias /lc "C:/project"
<Directory "C:/project">
Options Indexes FollowSymLinks
</Directory>

JkMount /project/servlet/* ajp13
JkMount /project/*.jsp ajp13

<Location "/project/WEB-INF/">
AllowOverride None
Deny from all
</Location>


</VirtualHost>
</IfModule>

and in rewrite.conf

RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{REQUEST_URI} CustomerControl.do [OR]
RewriteCond %{REQUEST_URI} success.php
RewriteRule (.*) [%{HTTP_HOST}%{REQUEST_URI}...] [R=301,L]

RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^CustomerControl.do
RewriteRule (.*) [%{HTTP_HOST}%{REQUEST_URI}...] [R=301,L]


The thing is http to https working fine...but https to http is not at working.
I am not sure whether i have added all the necessary config in httpd.conf
is anything to be added?

is anybody is there to help me?

Do somebody have full sample httpd.conf or rewrite.conf?

jdMorgan

7:43 pm on Nov 30, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If it's not working at all for HTTPS, then that indicates that your rule is not being executed for HTTPS requests. In other words, you need to put the https->http rule into a different config file, one that will get executed for HTTPS requests.

Note also that the two rules should likely be 'mirror images' of each other, and that both should exclude content (such as images, css or javascript files) that are shared between http and https (if any) so that requests for these objects are not redirected. This avoids "Mixed secure/insecure content warnings in the browser -- warnings that can cause people to panic and leave your site. In addition, literal periods in your regex patterns must be escaped:

In HTTP config file: 

# Redirect insecure requests for secure pages to https
RewriteCond %{SERVER_PORT} =80
RewriteCond $1 ^CustomerControl\.do$ [OR]
RewriteCond $1 ^success\.php$
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]


In HTTPS config file: 

# Redirect secure requests for non-secure pages to http, except for shared objects
RewriteCond %{SERVER_PORT} =443
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteCond $1 !^CustomerControl\.do$
RewriteCond $1 !^success\.php$
RewriteRule ^/(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

Once you are sure you've got these rules in the right config files, you should be able to delete the first RewriteCond of each rule, since the code will only run for the correct protocol.

Jim
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 4:49 am May 2, 2026