Mod_Rewrite

Trying to force squirrelmail to use ssl +more

         

byrnejb

6:51 pm on May 11, 2005 (gmt 0)




I am setting up a squirrelmail interface to our imap service and, while I have a basic configuration working, I would like to present a more polished appearance to our clients.

kernel-2.6.9-5.0.5.EL
openssl-0.9.7a-43.1
httpd-2.0.52-9.ent.centos4.1
squirrelmail-1.4.3a-9.EL4

DNS entries for all hosts having the form webmail.domain.dom all point to a single IP which provides the squirrelmail interface.

The basic working configuration in ./conf.d/squirrelmail.conf is:

#
# SquirrelMail is a webmail package written in PHP.
#
Alias /webmail /usr/share/squirrelmail

Redirect permanent \ [webmail.example.ca...] \ [webmail.example.ca...]

<Directory /usr/share/squirrelmail>

RewriteEngine on
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^.* - [F]
ErrorDocument 403 [host.realdomain.realdom...]

</Directory>

This method requires that visitors enter the url in the form [webmail.domain.dom...] These rules force the use of an ssl connection to protect the login and message contents over the wire.

What I want to do is to obtain the same effect but allow request urls of either the present form or the simpler ones given below:

[webmail.domain.dom...] or
[webmail.domain.dom...]

with or without the trailing '/'

This I cannot seem to accomplish. I have the rewrite rules working but when this is done I get errors in the ssl_error_log as shown:

[Wed May 11 14:07:05 2005] [error] [client aaa.yyy.zzz.77] Directory index forbidden by rule: /var/www/html/
[Wed May 11 14:07:57 2005] [error] [client aaa.yyy.zzz.77] attempt to invoke directory as script: /usr/share/squirrelmail
[Wed May 11 14:08:08 2005] [error] [client aaa.yyy.zzz.77] attempt to invoke directory as script: /usr/share/squirrelmail

This is my revised squirrelmail.conf file:

#
# SquirrelMail is a webmail package written in PHP.
#
ScriptAlias /webmail/ /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite_log"
RewriteLogLevel 9

# [webmail.anything.dom...]

RewriteCond %{HTTP_HOST} ^(www\.)?(webmail\.)(...*\.)(..*)$ [NC]

RewriteRule ^.*$ [webmail.%3%4...] [R]

It seems that the ScriptAlias directive is not working for the redirected URL. How do I get this to take effect?

Additionally, if I use a URL of the form [webmail.domain.com...] then I get the Apache Test page and there is no evidence of any rewriting taking place. Why is this and how do I force URLs beginning with https to go through the same rewrite procedure as ones beginning with http?

For what it is worth, the behaviour does not seem to change whether the ScriptAlias directive is:

ScriptAlias /webmail
or
ScriptAlias /webmail/

[edited by: jdMorgan at 3:19 pm (utc) on May 13, 2005]
[edit reason] Examplified. [/edit]

byrnejb

7:09 pm on May 11, 2005 (gmt 0)




OK, I changed the ScriptAlias to Alias. Now everything works except https:// prefixed requests. These do not trigger the rewrite engine and as a result dump the client to the Apache Test page. How do I get https:// requests to trigger the rewrite rules?

byrnejb

1:15 pm on May 13, 2005 (gmt 0)



Well, I solved my problem and I will post my solution here so that anyone else encountering a similar situation may possibly avoid the same degree of frustration that I encountered.

The final ./conf.d/squirrelmail.conf I used is:

# squirrelmail.conf 2005 May 11 James B. Byrne JBB8
#
# SquirrelMail is a webmail package written in PHP.
# This configuration file forces users to connect via SSL
#
# If the incoming request is already https:// then this
# file will only be processed if the directive:
#
# Include /etc/httpd/conf.d/squirrelmail.conf
#
# is appended to ssl.conf for the default server or added
# to the virtual host configuration file of the virtual
# host used to process webmail. Note that ssl requires
# IP addressed virtual hosts to work.
#
Alias /webmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite_log"
RewriteLogLevel 0

# Arguments $1, $2 etc. refer to () matches in the CURRENT RewriteRULE line.
#
# Arguments %1, %2 etc. refer to () matches in the LAST matched RewriteCOND.

# http://webmail.anything.dom/ or http://www.webmail.anything.dom/

RewriteCond %{HTTP_HOST} ^(www\.)?(webmail\.)(..+\.)(..+)$ [NC]
RewriteCond %{REQUEST_URI} !^/webmail/
RewriteRule ^.*$ https://webmail.%3%4/webmail/ [L,R]

# stop clever people from bypassing the short forms
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/webmail(/?|/.*)$
RewriteCond %{HTTP_HOST} ^(.*\.)?(..+\.)(..+)$ [NC]
RewriteRule ^.*$ https://webmail.%2%3/webmail/ [L,R]

#EOF:

byrnejb

1:50 pm on May 13, 2005 (gmt 0)




This needed one more check to prevent rewriting sessions in progress. Corrected squirrelmail.conf follows:

# squirrelmail.conf 2005 May 11 James B. Byrne JBB8
#
# SquirrelMail is a webmail package written in PHP.
# This configuration file forces users to connect via SSL
#
# If the incoming request is already https:// then this
# file will only be processed if the directive:
#
# Include /etc/httpd/conf.d/squirrelmail.conf
#
# is appended to ssl.conf for the default server or added
# to the virtual host configuration file of the virtual
# host used to process webmail. Note that ssl requires
# IP addressed virtual hosts to work.
#
Alias /webmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite_log"
RewriteLogLevel 0

# Arguments $1, $2 etc. refer to () matches in the CURRENT RewriteRule line.
# Arguments %1, %2 etc. refer to () matches in the LAST matched RewriteCond.

# Do not process established ssl links
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/webmail(/?|/.*)$
RewriteRule (^.*$) - [L,R]

# [webmail.anything.dom...] or [webmail.anything.dom...]
RewriteCond %{HTTP_HOST} ^(www\.)?(webmail\.)(..+\.)(..+)$ [NC]
RewriteCond %{REQUEST_URI} !^/webmail/
RewriteRule ^.*$ [webmail.%3%4...] [L,R]

# stop clever people from bypassing the short forms
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/webmail(/?|/.*)$
RewriteCond %{HTTP_HOST} ^(.*\.)?(..+\.)(..+)$ [NC]
RewriteRule ^.*$ [webmail.%2%3...] [L,R]

#EOF
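
The corrected rule set above, modelled in Python as an added example (not part of the original post and not Apache code): it applies the three rule blocks in file order to constructed requests, using the substitution URLs shown in the first solution post. The `redirect_allowed` guard, the sample hosts and the allowlist idea are assumptions; the point is that the redirect host is computed from the request's Host header, so a three-label domain or a Host carrying a port produces a target the rules did not intend.

```python
import re

# Patterns copied from the posted squirrelmail.conf ([NC] modelled as re.I,
# the forum's broken bar restored to "|").
WEBMAIL_HOST = re.compile(r"^(www\.)?(webmail\.)(..+\.)(..+)$", re.I)
ANY_HOST = re.compile(r"^(.*\.)?(..+\.)(..+)$", re.I)
WEBMAIL_URI = re.compile(r"^/webmail(/?|/.*)$")
TARGET = "https://webmail.%s%s/webmail/"  # substitution from the first solution post


def evaluate(https, host, uri):
    """Apply the three rule blocks in file order; return the redirect URL or None."""
    # Block 1: established SSL request under /webmail is passed through untouched.
    if https and WEBMAIL_URI.search(uri):
        return None
    # Block 2: webmail.* host and a URI outside /webmail/ -> canonical https URL.
    m = WEBMAIL_HOST.search(host)
    if m and not uri.startswith("/webmail/"):
        return TARGET % (m.group(3), m.group(4))
    # Block 3: plain-http request for /webmail on any host name.
    if not https and WEBMAIL_URI.search(uri):
        m = ANY_HOST.search(host)
        if m:
            return TARGET % (m.group(2), m.group(3))
    return None


def redirect_allowed(url, allowed_hosts):
    """Hypothetical guard: accept a computed redirect only for known host names."""
    m = re.match(r"https://([^/:]+)(:\d+)?/", url)
    return bool(m) and m.group(2) is None and m.group(1).lower() in allowed_hosts


# Constructed requests: (https?, Host header, request URI)
SAMPLES = [
    (False, "webmail.example.com", "/"),
    (False, "www.example.com", "/webmail"),
    (True, "webmail.example.com", "/webmail/src/login.php"),
    (False, "webmail.example.co.uk", "/webmail/"),  # three-label domain
    (False, "webmail.example.com:8080", "/"),       # Host carrying a port
]

if __name__ == "__main__":
    for https, host, uri in SAMPLES:
        print(https, host, uri, "->", evaluate(https, host, uri))
```

The last two samples come out as `https://webmail.co.uk/webmail/` and `https://webmail.example.com:8080/webmail/`; naming the served hosts explicitly instead of deriving them from the Host header avoids both.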

jdMorgan

3:16 pm on May 13, 2005 (gmt 0)




JB,

Glad you got it working... It would have been difficult for anyone else here to come up with *all that*! :)

Thanks for posting the solution.

Jim

byrnejb

3:45 pm on May 13, 2005 (gmt 0)




Thanks for posting the solution.

Well, if I do not put it somewhere that I can google then how will I ever find it again after I have forgotten how I solved it the first time?

Regards,
Jim