My application is hosted in AWS. It has Apache proxying to tomcat. SSL is terminated at the Elastic Load Balancer, and all traffic is offloaded to port 80.
My need is to have all requests to the site be redirected to SSL. I've been doing a lot of reading about mod_rewrite and have experimented with various solutions I've found on the web, but have not been able to make this work.
To be clear, Apache is successfully proxying requests to Tomcat. It's the redirection to HTTPS that I'm stuck on. Any suggestions would be welcome.
Try with the X-Forwarded-Proto header, e.g.:
<VirtualHost *:80>
...
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=permanent]
...
</VirtualHost>
Related
We have a tomcat web server running in port 8080 and Apache server running in port 80 in windows environment. Our objective is to configure, Apache server as proxy server to hide the tomcat web server address to the users.When i tried to use mod_rewrite based on HTTPREFERER rule it's working fine but user can able to see the redirected URL in the browsers network tab.
RewriteEngine on
RewriteMap deflector "txt:C:/gsasetup/gsaproxy01/Apache24/conf/deflector.map"
RewriteCond "%{HTTP_REFERER}" !=""
RewriteCond "${deflector:%{HTTP_REFERER}}" "=-"
RewriteRule "^" "%{HTTP_REFERER}" [R,L]
RequestHeader set Authorization "Basic dXNlcjpwYXNzd29yZA==" env=DOAUTH
RewriteCond "%{HTTP_REFERER}" !=""
RewriteCond "${deflector:%{HTTP_REFERER}|NOT-FOUND}" "!=NOT-FOUND"
RewriteRule "^" "${deflector:%{HTTP_REFERER}}" [R,L]
Similarly, when i tried using virtual hosts configuration it's internally redirecting the requests to tomcat web server running in port 8080.
ServerName localhost
ServerAlias *.localhost
ProxyRequests off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
But here what i want is the combination of both. Means proxy should happen only for specific referrer. Otherwise i want to send user unauthorized response.
Is this kind of configuration possible?
I have a requirement where I have to redirect my hostname to particular application which is again hosted on same Apache. Let's take an example, When I hit on host(https://domain1.example.com), It should internally redirect me to Apache Web Application (https://domain1.example.com/application1) without changing the browser URL.
I am not sure how to achieve SSL to SSL redirection. Thanks in Advance..!!!
This should work. This will redirect all incoming urls that are going to domain1.example.com/ to domain1.example.com/application1
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain1.example.com$
RewriteRule ^$ https://domain1.example.com/application1 [L,R=301]
If without changing browsing URL is your goal then PROXY is your way.
Put following in your apache vhost or global file,
ProxyPass https://domain1.example.com/ https://domain1.example.com/application1
ProxyPassReverse https://domain1.example.com/ https://domain1.example.com/application1
PS shibboleth has nothing to do with this, at least you have not mentioned any case.
EDIT
ProxyPass should come to virtural host not in location
Ideally all the location tag should be out of virtual host
We have web servers running Apache behind an AWS ELB. I have setup the ELB to accept HTTPS connections, and send the requests over HTTP to the webservers. This works fine.
I have also redirected all the requests to ELB from HTTP to HTTPS using HTTP:X-Forwarded-Proto.
I have added the below virtualhost section to my httpd.conf file and restarted Apache. This setup is redirecting HTTP requests to HTTPS but it is landing on the Apache home page instead of the expected site.
ServerName www.myexample.com
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule !/index.html https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]
The configuration seems to be simple and straightforward but not working.
Please let me know what is wrong in the above setup and why is it landing on the Apache home page.
You should escape the . in your rewrite rule. Change your Rewrite to be:
RewriteRule "!/index\.html" https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Also, as in the comment to your OP Remove the slash between %{HTTP_HOST}%{REQUEST_URI}
Here's my set up:
EC2 with Apache using elastic load balancer.
I'm looking to have all http traffic redirect automatically to https. I found this reco and tried it by adding to my httpd.conf file:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
</VirtualHost>
However, this didn't work before or after I restarted the server. HTTP didn't redirect and my sites threw all sorts of errors until I removed the rule from my config.
I'm thinking that I'm updating the file wrong or have the load balancer set up incorrectly. For the listeners for the load balancer I have LB protocol HTTP with port 80 with instance protocol HTTP and instance port 80. I have LB protocol HTTPS on port 443 with instance port 443. My SSL is on this latter protocol.
Any idea where to head from here?
The configuration that you have mentioned should work well. The problem might be that the mod_rewrite module is not loaded. Add below lines to your apache configuration to load rewrite module.
LoadModule rewrite_module modules/mod_rewrite.so
You can try below configuration which is much simpler than what you are using.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I have 5 sites on one apache server. One of the sites is with SSL. So when the other sites are accessed with https then they are redirected to the SSL site which is incorrect.
E.g.
https://x.com (with SSL)
http://y.com (normal site no SSL)
If I access https://y.com then I get the content from x.com. How can I fix so https://y.com just gets rewritten to http://y.com?
In your .htaccess put:
RewriteCond %{HTTPS} on [NC]
RewriteRule ^(.*)$ http://y.com/$1 [R=301,L]
You can define it in apache config file. You must add a rule to connection incoming from https port.
If you are using linux, propably you have this config in /etc/apache2/sites-available/default-ssl.
If you don't have this file you must searching https virtualhost:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>