Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
hi, i have a situation and i am trying to figure out how to handle it. i have a webserver and domain i use. on said domain i have a webdav server that i use for a lot of stuff. the way i have it set up is i have a https://hostanme.domain.com/dav-site that is the domain to connect to my dav server. that is password protected but when you put in http://hostname.domain.com/dav-site, it is allowing the browser through.
what i am trying to do is stop that so people cannot get to my dav site without a password. what i figured is one of two ways, the first...
and the second is to use mod-rewrite which i have not used that much. i cannot get the above redirect working though and so i am hoping someone can give me a little advice as to the best way to deal with this and how...
I'm still learning more about this myself so I may be wrong and hopefuly someone else can correct me if so but looking at your permanent redirect in the conf file, your document root is
Code:
/usr/local/apache2/htdocs
Your permanent redirect is looking for the sites old location in / so if im correct your re-direct should look something like this maybe?
hi stevne, i appreciate the response but document root tells simply where your websites initial page lies. in a redirect statement, it is all but useless if you have the rest of the site coded properly which at this point i am thinking i might not. and document root is defined already somewhere in your httpd.conf file so it would be unnecessary to define it twice.
the redirect statement tells apache from the document root, what website location to redirect and to where. so you combine the document root and the first part of the redirect to tell apache which directories or queries to redirect where...
so in the example i posted, redirect permanent "/" "https://blah", redirects your entire website from insecure http to secure https.
my issue is that i have a website which is fine where it is but i am trying to redirect part or the "backend" of my website, the dav directory, from http to https. when put into the browser https, it asks for the pass... fine however as i just discovered, when i put in http... it does not challenge me with anything. i want to prevent http requests from getting through unchallenged however that is where i am running into issues.
i am not entirely sure how mod_rewrite works but what i read on the apache website is that it is over-kill using that so i should use that route however it is not working and i am trying to figure out why.
my issue is that i have a website which is fine where it is but i am trying to redirect part or the "backend" of my website, the dav directory, from http to https. when put into the browser https, it asks for the pass... fine however as i just discovered, when i put in http... it does not challenge me with anything. i want to prevent http requests from getting through unchallenged however that is where i am running into issues.
Does http -> https work? It should work, so if it doesn't, clear your browser cache, or use another browser to test.
BTW, in your config snippet, you use the "redirect permanent" in the mysite.example.com vhost, but in your requirement you say you want http://hostname.domain.com/dav-site -> https://hostname.domain.com/dav-site. I guess that hostname.domain.com is the same as mysite.example.com, or else it's not going to work.
Quote:
i am not entirely sure how mod_rewrite works but what i read on the apache website is that it is over-kill using that so i should use that route however it is not working and i am trying to figure out why.
I agree that mod_rewrite is too much if you want to redirect all of your http site to https
okay, i think i fingered this out now. the issue, *i believe but am not 100 sure* is that i wrote my httpd page and made a few errors in the way it was laid out. first i put the alias statement within the virtual host. i am not sure that is a big deal but.
second for security purposes i wrote inside the virtual host tag, a directory directive and a location directive. from my readings i you were supposed to leave the directory one less strict. then the location one i wrote with the dav stuff. i think the two were conflicting a bit and when i hit http it would allow it through by the directory directive and when i hit https it would force the password prompt.
so i dropped the location directive since i am not 100% sure how it works and i put the dav stuff into the directory directive and put a redirect above it inline and it seems to be working 100%. the http now redirects to the https and prompts for password...awesome!!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.