
Trying to force squirrelmail to use ssl +more

     
6:51 pm on May 11, 2005 (gmt 0)

New User

10+ Year Member

joined:Apr 18, 2005
posts:9
votes: 0


I am setting up a squirrelmail interface to our imap service and, while I have a basic configuration working, I would like to present a more polished appearance to our clients.

kernel-2.6.9-5.0.5.EL
openssl-0.9.7a-43.1
httpd-2.0.52-9.ent.centos4.1
squirrelmail-1.4.3a-9.EL4

DNS entries for all hosts having the form webmail.domain.dom all point to a single IP which provides the squirrelmail interface.

The basic working configuration in ./conf.d/squirrelmail.conf is:

#
# SquirrelMail is a webmail package written in PHP.
#
Alias /webmail /usr/share/squirrelmail

Redirect permanent \ [webmail.example.ca...] \ [webmail.example.ca...]

<Directory /usr/share/squirrelmail>

RewriteEngine on
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^.* - [F]
ErrorDocument 403 [host.realdomain.realdom...]

</Directory>

This method requires that visitors enter the url in the form [webmail.domain.dom...] These rules force the use of an ssl connection to protect the login and message contents over the wire.

What I want to do is to obtain the same effect but allow request urls of either the present form or the simpler ones given below:

[webmail.domain.dom...] or
[webmail.domain.dom...]

with or without the trailing '/'

This I cannot seem to accomplish. I have the rewrite rules working but when this is done I get errors in the ssl_error_log as shown:

[Wed May 11 14:07:05 2005] [error] [client aaa.yyy.zzz.77] Directory index forbidden by rule: /var/www/html/
[Wed May 11 14:07:57 2005] [error] [client aaa.yyy.zzz.77] attempt to invoke directory as script: /usr/share/squirrelmail
[Wed May 11 14:08:08 2005] [error] [client aaa.yyy.zzz.77] attempt to invoke directory as script: /usr/share/squirrelmail

This is my revised squirrelmail.conf file:

#
# SquirrelMail is a webmail package written in PHP.
#
ScriptAlias /webmail/ /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite_log"
RewriteLogLevel 9

# [webmail.anything.dom...]

RewriteCond %{HTTP_HOST} ^(www\.)?(webmail\.)(...*\.)(..*)$ [NC]

RewriteRule ^.*$ [webmail.%3%4...] [R]

It seems that the ScriptAlias directive is not working for the redirected URL. How do I get this to take effect?

Additionally, if I use a URL of the form [webmail.domain.com...] then I get the Apache Test page and there is no evidence of any rewriting taking place. Why is this and how do I force urls beginning with https to go through the same rewrite procedure as ones beginning with http?

For what it is worth, the behaviour does not seem to change whether the ScriptAlias directive is:

ScriptAlias /webmail
or
ScriptAlias /webmail/

[edited by: jdMorgan at 3:19 pm (utc) on May 13, 2005]
[edit reason] Examplified. [/edit]

7:09 pm on May 11, 2005 (gmt 0)

New User

10+ Year Member

joined:Apr 18, 2005
posts:9
votes: 0


OK, I changed the ScriptAlias to Alias. Now everything works except https:// prefixed requests. These do not trigger the rewrite engine and as a result dump the client to the Apache Test page. How do I get https:// requests to trigger the rewrite rules?

1:15 pm on May 13, 2005 (gmt 0)

New User

10+ Year Member

joined:Apr 18, 2005
posts:9
votes: 0

Well, I solved my problem and I will post my solution here so that anyone else encountering a similar situation may possibly avoid the same degree of frustration that I encountered.

The final ./conf.d/squirrelmail.conf I used is:

# squirrelmail.conf 2005 May 11 James B. Byrne JBB8
#
# SquirrelMail is a webmail package written in PHP.
# This configuration file forces users to connect via SSL
#
# If the incoming request is already https:// then this
# file will only be processed if the directive:
#
# Include /etc/httpd/conf.d/squirrelmail.conf
#
# is appended to ssl.conf for the default server or added
# to the virtual host configuration file of the virtual
# host used to process webmail. Note that ssl requires
# IP addressed virtual hosts to work.
#
Alias /webmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite_log"
RewriteLogLevel 0

# Arguments $1, $2 etc. refer to () matches in the CURRENT RewriteRULE line.
#
# Arguments %1, %2 etc. refer to () matches in the LAST matched RewriteCOND.

# http://webmail.anything.dom/ or http://www.webmail.anything.dom/

RewriteCond %{HTTP_HOST} ^(www\.)?(webmail\.)(..+\.)(..+)$ [NC]
RewriteCond %{REQUEST_URI} !^/webmail/
RewriteRule ^.*$ https://webmail.%3%4/webmail/ [L,R]

# stop clever people from bypassing the short forms
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/webmail(/?/.*)$
RewriteCond %{HTTP_HOST} ^(.*\.)?(..+\.)(..+)$ [NC]
RewriteRule ^.*$ https://webmail.%2%3/webmail/ [L,R]

#EOF:

1:50 pm on May 13, 2005 (gmt 0)

New User

10+ Year Member

joined:Apr 18, 2005
posts:9
votes: 0


This needed one more check to prevent rewriting sessions in progress. Corrected squirrelmail.conf follows:

# squirrelmail.conf 2005 May 11 James B. Byrne JBB8
#
# SquirrelMail is a webmail package written in PHP.
# This configuration file forces users to connect via SSL
#
# If the incoming request is already https:// then this
# file will only be processed if the directive:
#
# Include /etc/httpd/conf.d/squirrelmail.conf
#
# is appended to ssl.conf for the default server or added
# to the virtual host configuration file of the virtual
# host used to process webmail. Note that ssl requires
# IP addressed virtual hosts to work.
#
Alias /webmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite_log"
RewriteLogLevel 0

# Arguments $1, $2 etc. refer to () matches in the CURRENT RewriteRule line.
# Arguments %1, %2 etc. refer to () matches in the LAST matched RewriteCond.

# Do not process established ssl links
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/webmail(/?/.*)$
RewriteRule (^.*$) - [L,R]

# [webmail.anything.dom...] or [webmail.anything.dom...]
RewriteCond %{HTTP_HOST} ^(www\.)?(webmail\.)(..+\.)(..+)$ [NC]
RewriteCond %{REQUEST_URI} !^/webmail/
RewriteRule ^.*$ [webmail.%3%4...] [L,R]

# stop clever people from bypassing the short forms
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/webmail(/?/.*)$
RewriteCond %{HTTP_HOST} ^(.*\.)?(..+\.)(..+)$ [NC]
RewriteRule ^.*$ [webmail.%2%3...] [L,R]

#EOF
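
To check the rule set above against sample requests before deploying it, the sketch below replays its three rule blocks in Python. It is an added example, not part of the original posts: the redirect targets are taken from the 1:15 pm post, Python's `re` stands in for Apache's regex engine, and `evaluate`, `SAMPLES` and the example.* hosts are constructed for illustration.

```python
import re

# Patterns and redirect targets transcribed from the squirrelmail.conf posts above.
# Python's re stands in for Apache's regex engine (assumption of this example).
WEBMAIL_HOST = re.compile(r"^(www\.)?(webmail\.)(..+\.)(..+)$", re.I)  # [NC]
ANY_HOST = re.compile(r"^(.*\.)?(..+\.)(..+)$", re.I)                  # [NC]
WEBMAIL_URI = re.compile(r"^/webmail(/?/.*)$")
TARGET = "https://webmail.%s%s/webmail/"


def evaluate(https, host, uri):
    """Return the redirect Location, or None if the request is left alone."""
    # Block 1: established SSL request inside /webmail/ -> stop rewriting.
    if https and WEBMAIL_URI.search(uri):
        return None
    # Block 2: webmail.* host, URI not under /webmail/ -> %3%4 of the host cond.
    m = WEBMAIL_HOST.search(host)
    if m and not uri.startswith("/webmail/"):
        return TARGET % (m.group(3), m.group(4))
    # Block 3: plain HTTP straight to /webmail/... -> %2%3 of the host cond.
    m = ANY_HOST.search(host)
    if not https and WEBMAIL_URI.search(uri) and m:
        return TARGET % (m.group(2), m.group(3))
    return None


# Constructed sample requests: (https, Host header, request URI).
SAMPLES = [
    (False, "webmail.example.com", "/"),
    (True, "www.webmail.example.com", "/"),
    (False, "mail.example.com", "/webmail/src/login.php"),
    (True, "webmail.example.com", "/webmail/src/login.php"),
    (False, "webmail.example.co.uk", "/"),
    (False, "webmail.example.co.uk", "/webmail/src/login.php"),
]


def run_samples():
    return [evaluate(*s) for s in SAMPLES]


if __name__ == "__main__":
    for sample, location in zip(SAMPLES, run_samples()):
        print(sample, "->", location or "(no redirect)")
```

The last sample shows that the third block's host pattern keeps only the final two labels of the Host header, so a domain with a two-label suffix is redirected to `webmail.co.uk` rather than to its own webmail host.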

3:16 pm on May 13, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


JB,

Glad you got it working... It would have been difficult for anyone else here to come up with *all that*! :)

Thanks for posting the solution.

Jim

3:45 pm on May 13, 2005 (gmt 0)

New User

10+ Year Member

joined:Apr 18, 2005
posts:9
votes: 0


Thanks for posting the solution.

Well, if I do not put it somewhere that I can google then how will I ever find it again after I have forgotten how I solved it the first time?

Regards,
Jim

 
