Using mod_rewrite to Mimic SSL Virtual Hosts? - apache

What is the best way to transparently rewrite a URL over an SSL connection with Apache 2.2?
Apache 2 does not natively support multiple name-based virtual hosts for an SSL connection and I have heard that mod_rewrite can help with this. I would like to do something like this:
I have set up the server so that the sites can be accessed by
https://secure.example.com/dbadmin
but I would like to have this as https://dbadmin.example.com
How do I set it up so that the Rewrite rule will rewrite dbadmin.example.com to secure.example.com/dbadmin, but without displaying the rewrite on the client's address bar (i.e. the client will still just see dbadmin.example.com), all over https?

Configure a single VirtualHost to serve both secure.example.com and dbadmin.example.com (making it the only *:443 VirtualHost achieves this). You can then use mod_rewrite to adjust the URI for requests to dbadmin.example.com:
<VirtualHost *:443>
ServerName secure.example.com
ServerAlias dbadmin.example.com
RewriteEngine on
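# Apply only to requests addressed to dbadmin.example.com
RewriteCond %{SERVER_NAME} ^dbadmin\.example\.com$ [NC]
# Skip URIs already under /dbadmin. A negated RewriteRule pattern
# captures nothing, so the test is done here and $1 is captured below.
RewriteCond %{REQUEST_URI} !^/dbadmin
RewriteRule ^/(.*)$ /dbadmin/$1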
</VirtualHost>
Your SSL certificate will need to be valid for both secure.example.com and dbadmin.example.com. It can be a wildcard certificate as mentioned by Terry Lorber, or you can use the subjectAltName field to add additional host names.
If you're having trouble, first set it up on <VirtualHost *> and check that it works without SSL. The SSL connection and certificate are a separate layer of complexity that you can set up after the URI rewriting is working.

Unless your SSL certificate is the "wildcard" or multi-site kind, then I don't think this will work. The rewrite will display in the browser and the name in the address bar must be valid against the certificate, or your users will see a security error (which they can always accept and continue, but that doesn't sound like what you'd like).
More here.
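The certificate requirement raised in the answers above, as an added example that is not part of the original posts: a check of which virtual-host names a certificate's subjectAltName entries cover, including the one-label limit on wildcards. The certificate dictionaries are constructed samples in the format returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names are hypothetical.

```python
# Added example: which vhost names does a certificate's SAN list cover?

def san_dns_names(cert):
    """Extract dNSName entries from an ssl.SSLSocket.getpeercert() dict."""
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def name_matches(pattern, host):
    """Match one SAN entry against a host name.

    A '*' is accepted only as the whole left-most label and stands for
    exactly one label, so *.example.com does not cover example.com or
    a.b.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as *.com
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_hosts(cert, hosts):
    """Return the hosts that no SAN entry of the certificate covers."""
    sans = san_dns_names(cert)
    return [h for h in hosts if not any(name_matches(s, h) for s in sans)]


# Constructed sample data in getpeercert() format, not real certificates.
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.com"),)}
SAN_CERT = {"subjectAltName": (("DNS", "secure.example.com"),
                               ("DNS", "dbadmin.example.com"))}
SINGLE_CERT = {"subjectAltName": (("DNS", "secure.example.com"),)}
VHOST_NAMES = ["secure.example.com", "dbadmin.example.com"]

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT),
                        ("single-name", SINGLE_CERT)):
        print(label, "missing:", uncovered_hosts(cert, VHOST_NAMES))
```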

There is Apache's mod_rewrite, or you could set up Apache to direct https://dbadmin.example.com to path/to/example.com/dbadmin on the server
<VirtualHost *>
ServerName subdomain.domain.com
DocumentRoot /home/httpd/htdocs/subdomain/
</VirtualHost>

Related

Confirm Traffic between CloudFlare and origin server is encrypted

I'm looking for a method to confirm traffic between an origin server and the CloudFlare CDN is encrypted with HTTPS.
I have a Let's Encrypt SSL cert installed on the origin server and at the CloudFlare CDN, I have CloudFlare's universal free generated SSL cert installed.
With caching activated, the browser sees the CloudFlare SSL cert. With caching deactivated, the browser sees the Let's Encrypt SSL cert. So both certs are working fine. But with caching activated, I can't actually see what's happening between the origin and the CDN.
In CloudFlare I have Full (Strict) SSL activated. Ostensibly this means traffic is encrypted between the origin and CDN. But is there a way to confirm this independently?
One method I know is to use Netstat at the origin to check which port is taking the traffic. Netstat is installed but I don't have root SSH access to it. ss is not installed. I do have Python installed and was able to execute a Hello World python script. I don't have Java installed. wget works and can download files. Is there any other method?
Assuming Apache, modify your VirtualHost, add an entry to check and modify your logs.
Here's an answer, https://serverfault.com/a/359482/266552
Option 2, log the port
Here's an answer from that same thread, https://serverfault.com/a/665620/266552
Option 3, redirect all HTTP requests to HTTPS.
Option 3a, you could use mod_rewrite:
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
Option 3b, an alternative without mod_rewrite:
<VirtualHost *:80>
ServerName mysite.example.com
DocumentRoot /usr/local/apache2/htdocs
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName mysite.example.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
# etc...
</VirtualHost>
Replace #etc... with the rest of your configuration.
https://wiki.apache.org/httpd/RedirectSSL
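The "log the port" option from the answer above, as an added example that is not part of the original post: a Python script (the asker has Python on the origin) that reads an access log and reports whether any request from the CDN arrived on a non-TLS port. It assumes a log written with `LogFormat "%h %{local}p %{Host}i \"%r\" %>s"`, that port 443 is the SSL virtual host, and a placeholder documentation range in place of the CDN's published address ranges; the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Matches the assumed LogFormat: client IP, local port, Host, request, status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<port>\d+) (?P<host>\S+) "(?P<req>[^"]*)" (?P<status>\d{3})$')

# Placeholder (TEST-NET-3); replace with the CDN's published ranges.
CDN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
203.0.113.10 443 www.example.com "GET / HTTP/1.1" 200
203.0.113.11 443 www.example.com "GET /img/logo.png HTTP/1.1" 200
203.0.113.12 80 www.example.com "GET /old-page HTTP/1.1" 301
198.51.100.7 80 www.example.com "GET / HTTP/1.1" 301
not a log line
"""


def from_cdn(ip_text, networks=CDN_NETWORKS):
    """True if the client address falls inside one of the CDN networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in networks)


def summarize(log_text, tls_ports=(443,)):
    """Count requests by source and channel; collect CDN plaintext hits."""
    counts = Counter()
    plaintext_from_cdn = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            counts["unparsed"] += 1
            continue
        source = "cdn" if from_cdn(m["ip"]) else "other"
        channel = "tls" if int(m["port"]) in tls_ports else "plaintext"
        counts[source + "_" + channel] += 1
        if source == "cdn" and channel == "plaintext":
            plaintext_from_cdn.append(line)
    return counts, plaintext_from_cdn


if __name__ == "__main__":
    totals, offenders = summarize(SAMPLE_LOG)
    print(dict(totals))
    print("CDN requests on a non-TLS port:", offenders)
```

An empty offender list over a representative period, with a non-zero `cdn_tls` count, is the evidence that the CDN is reaching the origin over HTTPS only.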

Rewrite spare domains to main domains with .htaccess

We have a site with an English and Spanish version, each on a different domain. We also have a few spare domains for each language which we'd like to redirect to the language's main domain.
Specifically:
estadiosfutbol.net/..., estadiosfutbol.org/... and estadiosfutbol.info/... should all redirect to https://estadiosfutbol.com/...
worldfootballstadiums.com/..., worldfootballstadiums.info/..., worldfootballstadiums.org/... and worldfootballstadiums.net/... should all redirect to https://worldstadiums.football/...
I'm struggling with the rewrite rules so any help would be greatly appreciated.
There are two ways this can be done. The first is the simplest, but is not always practical.
First Method
This method does not require HTACCESS files. In your Apache server configuration you just need to add ServerAliases for each of the domains that you want it to handle. (You must make sure all the domains are pointing at the same machine)
The Code
NameVirtualHost *:443
<VirtualHost *:443>
ServerName estadiosfutbol.com
ServerAlias estadiosfutbol.info estadiosfutbol.net estadiosfutbol.org
DocumentRoot /www/domain
</VirtualHost>
<VirtualHost *:443>
ServerName worldstadiums.football
ServerAlias worldfootballstadiums.com worldfootballstadiums.net worldfootballstadiums.info worldfootballstadiums.org
DocumentRoot /www/otherdomain
</VirtualHost>
Note: This will only redirect if the user tries to access the website using SSL. (eg ) If you want it to redirect all traffic from both port 80 and port 443 you would need to make separate virtual hosts and use the second method to achieve the redirection.
Second Method
The second way is a little more complicated, but works in almost all situations. There are two main steps that need to be carried out in order for this to work properly:
Make sure that whatever server software you are using is set up to be looking for all the domains. The server has to have a VirtualHost (Apache) that is listening for each domain in order for the next step to do anything.
Create a .HTACCESS file under each domain's root that looks similar to this:
The Code
RewriteEngine On
RewriteBase /
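RewriteCond %{HTTP_HOST} estadiosfutbol\.net$ [NC]
RewriteRule ^(.*)$ https://estadiosfutbol.com/$1 [L,R=301]
# The condition matches the spare domain itself (no leading "!"),
# so only requests for that domain are redirected to the main domain.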
Note: You will need to change the third line on each domain to be the domain to rewrite from (eg estadiosfutbol.net/, estadiosfutbol.org/ and estadiosfutbol.info)
Note: Changing the fourth line is all that is required for the separate domain.

url redirection from http to https in IBM Web server

I have installed SSL certificates in my WAS 7.0 and pointed to IBM HTTP Server under the httpd.conf file. I have implemented the below rewrite mechanism also. But I am still unable to redirect from http requests to https for specific context root applications.
Please suggest me.
Implemented the lines below in the httpd.conf file.
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 443
<VirtualHost *:443>
SSLEnable
SSLProtocolDisable SSLv2
ErrorLog logs/error_log
CustomLog logs/access_log common
RewriteEngine On
RewriteOptions Inherit
</VirtualHost>
</IfModule>
KeyFile "/IBM/HTTPServer/testSSL/testkey.kdb"
SSLStashFile "/IBM/HTTPServer/testSSL/testkey.sth"
RewriteEngine on
RewriteRule ^/testPOC/(.*)$ https://localhost/testPOC/$1
Config looks OK. Perhaps you have an explicit *:80 virtualhost defined somewhere, in which case you need to put the mod_rewrite directives there instead.
Like Eric stated the most likely answer is a VH for *:80 needing the RewriteRule. Another outside possibility would be the use of localhost for the host name. Make sure you haven't done something that causes the loopback to not be handled properly. You can always try the real host name or IP to make sure using localhost does not cause problems (hosts file, A load balancer using the loopback, etc).
Use RewriteLog to verify rewrite was done. Also make sure plugin-cfg.xml is set up to recognize port 443. It might have an explicit host name:443 for a VH as opposed to *:443. Using localhost would not match in that case. If you have a Load Balancer in front of IHS, it might be doing SSL offloading and SSL never makes it to IHS for the problem context roots.

Remap domain.io to show as domain.com in address bar

I have domain.io and domain.com BOTH pointing to the SAME server. How do I set this up so that domain.io never shows up in the address bar, and it's always domain.com?
Thanks!
You can use Apache's mod_alias Redirect directive for this:
<VirtualHost *:80>
ServerName domain.io
ServerAlias www.domain.io
Redirect permanent / http://domain.com/
</VirtualHost>
In your case, permanent (301) redirect sounds appropriate but you may want to look at HTTP redirect: 301 (permanent) vs. 302 (temporary)
Also, it's really unimportant where the domains are hosted in this case; they do not need to be on the same server. In fact, many DNS and web host providers actually provide this functionality as a service, and will host the equivalent of above configuration for you (though not necessarily with Apache; nginx is probably more likely for this purpose these days).

Redirecting New Domain Name to Server

I recently purchased a new domain name from 1and1.com and used their HTTP redirect option to point to the address of my server. Let's say, for example, the fresh domain is new.com and the established server is old.com.
I have it redirecting to old.com/new via 1and1's configuration page, which works, save for the fact that when I visit new.com, it changes the browser's URL to old.com/new. This is obviously not what I want to happen.
I've set up htaccess rules:
# BEGIN New.com
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^new.com
RewriteRule ^(.*) http://old.com/new [P]
</IfModule>
# END New.com
Likewise, I've done the Apache configuration of Virtual Hosts:
<VirtualHost *:80>
ServerName www.new.com
DocumentRoot /www/old/html/new/
</VirtualHost>
I then proceeded to flush my local DNS cache. Yet still, it persists in changing the address bar in my browser to old.com/new. What am I missing? Does it just need time to propagate or have I misconfigured / failed to properly set something up?
You need to change the 1and1's "new.com" DNS entry to point to the same IP that "old.com" is using. While the htaccess rule (which I assume is at the new.com document root) kind of does what you want, it requires the mod_proxy be loaded, which is something I doubt 1and1 hosting allows.
What you need to do is set it up such that when you go to a site like this and do a DNS lookup for new.com, you get the same IP as when you lookup "old.com".
On old.com's server, you have the vhost setup:
<VirtualHost *:80>
ServerName www.new.com
DocumentRoot /www/old/html/new/
</VirtualHost>
which should be all you need to at least access the contents in /www/old/html/new/.