Find the answer to your Linux question:
Results 1 to 8 of 8
Hi all, I have the following web content subdirectory structure: My domain is www(dot)example(dot)com My document root is /www/example.com/ I have two subdirectories under the document root, namely, vacation and ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2010
    Posts
    6

    SSL disabled when "s" in "https" is removed


    Hi all,

    I have the following web content subdirectory structure:

    My domain is www(dot)example(dot)com

    My document root is /www/example.com/

    I have two subdirectories under the document root, namely, vacation and home, which I want SSL enabled. Also whenever I removed 's' from 'https', SSL get disabled.

    My SSL certificate is registered under www(dot)example(dot)com and somehow, my document root contents, excluding vacation and home, always get SSL enabled which should not be.

    Here is my apache httpd.conf settings:

    <VirtualHost www(dot)example(dot)com:80>
    DocumentRoot /www/example.com
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/vacation$ https://www(dot)example(dot)com/vacation/$1 [R]
    RewriteRule ^/home$ https://www(dot)example(dot)com/home/$1 [R]
    </VirtualHost>

    <VirtualHost www(dot)example(dot)com:443>
    DocumentRoot /www/example.com
    SSLEngine on
    SSLCertificateFile ...
    SSLCertificateKeyFile ...
    SSLCACertificateFile ...
    <Directory /www/example.com/vacation>
    SSLOptions +StrictRequire
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    </Directory>

    <Directory /www/example.com/home>
    SSLOptions +StrictRequire
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    </Directory>
    </VirtualHost>

    Is there anything wrong?

    Thanks in advance!
    Last edited by jclim; 01-31-2011 at 09:49 AM. Reason: typo errors

  2. #2
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    you've got there two rewrite rules that force the protocol to be https.

  3. #3
    Just Joined!
    Join Date
    Jan 2010
    Posts
    6
    Thanks for your response. Somehow, this setup does not maintain the SSL connection when 's' is removed from https. Can you offer some advices on the regular expression composition?

  4. #4
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    I don't even understand why it should be there. Why is it important that users who access ^/vacation or ^/home are forced to use ssl and are not allowed to freely decide whether they want ssl or not?

  5. #5
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote Originally Posted by Kloschüssel View Post
    I don't even understand why it should be there. Why is it important that users who access ^/vacation or ^/home are forced to use ssl and are not allowed to freely decide whether they want ssl or not?
    How many users do you know that really understand security or know what they need?
    I can understand the OP wanting SSL only connections.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  6. #6
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    ... sure ... but jclim is the op and I hope that he knows what he is doing. even if - without offense - i'm not sure at all when i come thinking about it. therefore these decisions are OT (off topic) for everyone but jclim.

  7. #7
    Just Joined!
    Join Date
    Jan 2010
    Posts
    6
    Hi guys!

    Well, the names are hypothetical but the situation is how it is in my workplace. I was left or was handed down with this awkward setup and as you guys know, as sysads, we need to make things work no matter what.

    the reason i need those two subdirectories SSL enabled is both contain a fairly huge information system which needs traffic to be encrypted. I know it's odd to put them in subdirectories rather than subdomain the reason being our systems are really messy and i am currently doing some needed cleanup.

    but again, returning to my previous question, why does removing 's' in https disables SSL, something wrong with my regex in my rewrite rules?

  8. #8
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    ok, i think i got your problem now. you expect the redirect rule to redirect requests coming with http to https by matching the request port <> 443.

    RewriteCond %{SERVER_PORT} !^443$
    so this line may be wrong, use the variable HTTPS instead and match for the strings "on", "off". read here

    and it should read like this:

    RewriteCond W X
    RewriteRule Y Z

    RewriteCond W X
    RewriteRule O P
    instead of:

    RewriteCond W X
    RewriteRule Y Z
    RewriteRule O P

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •