Help with Apache2 site configuration

auskento · 02-15-2009, 09:51 PM

I have the following vhost.

Code:

<VirtualHost *:443>
ServerName site.mydomain.com
DocumentRoot "/websites/site.mydomain.com"

        SSLEngine On
        SSLCipherSuite ALL
        SSLCertificateFile /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key

        <Directory />
                Options Indexes FollowSymLinks Indexes MultiViews ExecCGI Includes
                IndexOptions FancyIndexing FoldersFirst NameWidth=*
                HeaderName header.html
                IndexIgnore header.html
                allow from all

                AuthName "Access Authentication"
                AuthUserFile /etc/apache2/usenet.pwd
                AuthType Basic
                Require valid-user

        </Directory>
</VirtualHost>

<VirtualHost *:80>
ServerName site.mydomain.com
DocumentRoot "/websites/site.mydomain.com"

        <Directory />
                Options Indexes FollowSymLinks Indexes MultiViews ExecCGI Includes
                IndexOptions FancyIndexing FoldersFirst NameWidth=*
                HeaderName header.html
                IndexIgnore header.html
                Order deny,allow
                Deny from all
                allow from 192.168.0.0/255.255.255.0
        </Directory>
</VirtualHost>

I am wanting to accomplish the following access to it.

1) If http://site.mydomain.com from internal network, allow
2) If http://site.mydomain.com from external network, forward to https (for SSL and authentication)

What directive should I put in the *:80 site configuration to do this, without breaking internal http access.
(Various services internally will not operate on https)

j-ray · 02-16-2009, 02:11 AM

http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
take a look at
RewriteCond Directive

http://httpd.apache.org/docs/2.2/rew...ite_guide.html

gml_ger · 02-16-2009, 02:23 PM

Code:

<Directory /path/to/your/website>
 RewriteEngine on

  #check if the request is not from the internal network (here 192.168.*.*)
  RewriteCond %{REMOTE_ADDR} !^192\.168

  #check if request is over your http port
  RewriteCond %{SERVER_PORT} =80

  #if both conditions are true tell client to request the page over https
  RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI}

</Directory>

Restart the Apache!

Applications that create a cache of their own circumvent this as far as I can tell. I tried it with KTDMS and if the page was already cached as http it didn't matter if I set the rule and restarted Apache.
It still was delivered as http to external users.