LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices

Reply
 
Search this Thread
Old 03-10-2008, 08:28 PM   #1
hivtop
LQ Newbie
 
Registered: Jan 2005
Location: In the Desert
Distribution: RedHat 9
Posts: 26

Rep: Reputation: 15
Question http > https for 1 of 6 sites


here goes...
first: production box is fc4 (yea it's old but it works good), kernel 2.6.17-1.2142_FC4, Apache 2.0.54, php 5.0.4-10.5, running 6 websites, mail, SSH, ssl, etc... everything is working fine.

ONE of the sites has a secure Cert. and works fine on port 443 when you type HTTPS://... but shows apache 404 error page when http:// as the address.

my question: how do I make apache redirect all http port 80 request, FOR THIS SITE ONLY to HTTPS port 443.


before you say it.. I've tried:

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://www.securesite.com/ [R]
and
Redirect permanent / https://www.securesite.com/

in the httpd.conf file but apache wants to redirect ALL 6 site to HTTPS://www.securesite.com/ (not good... hahaha)

I tried adding both of the above (one at a time, hahaha) to a .htaccess file in the public dir and also as directives in the <VirtualHost> section of httpd.conf, FOR THE SITE, but still got the apache 404 page...

I've also tried making "auto-redirect" and "be safe - click here" error pages with:
ErrorDocument 404 /go2secure.html
then:
ErrorDocument 404 /var/home/public_html/error/go2secure.html

in both files (httpd.conf and .htaccess) but still got the apache 404 page... (go2secure.htm never loaded/displayed in the browser)

all checks were tried with both IE and Foxfire...

any suggestions would be great...

hivtop

"to bad there are so many hackers cuz windows would be so much easier"... hahaha
 
Old 03-11-2008, 01:27 PM   #2
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
The short answer is you cannot do this. HTTP is a protocol that transmits data in the clear from requestor to server and back. The HTTPS protocol first establishes a secure connection, and then transmits data in both directions across that channel. If you were successful in redirecting the traffic to the "wrong" port, the browser and the server would disagree (violently) on the protocol to observe.

In order for Apache to respond correctly to connection requests, it must receive HTTP traffic on one port, and HTTPS traffic on a different port. By default, these are 80 and 443, respectively. Unfortunately, the details of the HTTPS protocol require that the client and server set up an encrypted channel before any data is exchanged, including the site URL being requested; this means that only one secure website can be supported in any meaningful way per IP address. Details are available via a Google search, if you want them.

If what you want to do is to have both kinds of access to (mostly) the same pages, then the cleanest way to do this is to configure two virtual hosts with the same DocumentRoot, (one listening on port 80 and the other on port 443) and then include any additional directories in the HTTPS virtual host using the <Directory> tag.

In order to keep HTTPS requests made from other sites out of your special site, declare another virtual host that listens on port 443 before the declaration of the special site. That way, if the site name requested does not match your special site, Apache will take the default action, which is to use the first virtual host listed in the configuration. This trapping virtual host can just point to a single page that says, in effect, "Don't bother me; there is no HTTPS support for this site". A side effect of this scheme is that (because of the one-site-per-IP rule, the requestor will get a copy of the certificate for your special site, and it should complain to its user that the certificate received does not match the site requested.

If my wild guess about what you are trying to achieve is way off the mark, let us know what, in fact, you are attempting to do, and perhaps a solution to your problem will appear.

Good luck.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid 2.6 not accessing https sites unixashoke Linux - Newbie 2 04-04-2008 07:52 AM
Squid and https sites 2buck56 Linux - Security 6 06-14-2007 03:06 AM
Client cannot open few https://.. sites i.e. secure sites rajeshghy Linux - General 1 11-02-2006 06:30 AM
Firefox cannot load https sites. Lambda_Core Linux - Software 3 08-27-2006 05:24 PM
Accessing hotmail, other https sites Tenover Linux - Newbie 3 09-04-2003 02:02 PM


All times are GMT -5. The time now is 06:56 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration