Today I want to discuss redirecting an HTTP web page to its secure HTTPS location. My scenario is a web server that by default works only over HTTPS and should redirect any HTTP request to HTTPS. In the end, whether you contact the web server over HTTP or HTTPS, you connect only through HTTPS for secure communication. I use the Apache web server.
There are two possible solutions: one with mod_rewrite, which according to the Apache wiki is not the recommended method (ApacheWiki mod_rewrite), and the other one, which I'm after, using the "Redirect" directive (ApacheWiki RedirectSSL). I don't use .htaccess files in my scenario, so the solution should be in tweaking httpd.conf.
In this case I'll use a CentOS 6 server with Apache 2.2, installed from the binary package that comes with the distribution. The SSL configuration can be found in the file /etc/httpd/conf.d/ssl.conf, and the default configuration file httpd.conf is inside the /etc/httpd/conf directory. I assume you have already created or bought an SSL certificate and you can reach your server at https://www.mydomain.com.
So first you should create a new VirtualHost configuration, which listens and accepts requests over HTTP on port 80. I chose to add this definition at the end of my httpd.conf instead of creating a new file, because it is only a couple of lines and its only purpose is to redirect traffic to the secured location. I used the example provided in the Apache wiki (replace www.example.com with your own host name):
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
After you have inserted it at the end of httpd.conf and saved the file, check the configuration for errors with:
# apachectl configtest
Now you have added the VirtualHost configuration, but if you restart Apache you will see that nothing happens; I even found that my server doesn't listen on port 80:
# netstat -patune | grep "80"
So I should instruct Apache to listen on port 80 with the Listen directive. But what will happen to the SSL configuration? There is a "Listen 443" line inside /etc/httpd/conf.d/ssl.conf. Actually the server continues to listen on port 443, because the default SSL VirtualHost configuration in ssl.conf is still in effect. In addition, I added the SSLRequireSSL and SSLOptions directives to my website root (as suggested here) in /etc/httpd/conf/httpd.conf:
.....
Listen 80
.....
<Directory "/var/www/html/">
.....
SSLRequireSSL
SSLOptions +StrictRequire
.....
</Directory>
.....
More info about these directives can be found here.
Check again for errors after the changes and, if you get "Syntax OK", restart Apache:
# apachectl configtest
# service httpd restart
One more thing not to forget is to check your firewall and open port 80. On CentOS the easiest way is with the command:
# system-config-firewall-tui
Note: For the command to work, you should install the package with the same name.
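The failure described above (a port-80 VirtualHost with no matching Listen directive) can be caught before restarting. The following is an added example, not part of the original post: the function name check_redirect_conf is hypothetical, and it assumes the Listen line and the redirect VirtualHost are in the same file, as in this setup.

```shell
#!/bin/sh
# Added example: lint one Apache config file for the HTTP->HTTPS redirect setup.
# check_redirect_conf FILE returns 0 only if something listens on port 80 AND
# a port-80 VirtualHost permanently redirects / to an https:// URL.
check_redirect_conf() {
    awk '
        { sub(/^[ \t]+/, "") }                 # strip leading indentation
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { d = tolower($1) }                    # directive names are case-insensitive
        d == "listen" && $2 ~ /(^|:)80$/ { listen80 = 1 }   # "80" or "addr:80", not 8080
        d == "<virtualhost"   { in80 = ($2 ~ /:80>?$/) }    # entering a vhost; port 80?
        d == "</virtualhost>" { in80 = 0 }
        in80 && d == "redirect" && (tolower($2) == "permanent" || $2 == "301") &&
            $3 == "/" && tolower($4) ~ /^https:\/\// { redir = 1 }
        END {
            if (!listen80) print "FAIL: no Listen directive for port 80"
            if (!redir)    print "FAIL: no port-80 VirtualHost with a permanent redirect of / to https://"
            if (listen80 && redir) print "OK: port 80 listens and redirects to HTTPS"
            exit !(listen80 && redir)
        }
    ' "$1"
}

# Constructed sample: the VirtualHost from the post, before "Listen 80" was added.
sample=$(mktemp)
cat > "$sample" <<'EOF'
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
EOF
check_redirect_conf "$sample" || echo "(add the missing directive before restarting httpd)"
rm -f "$sample"
```

On the server itself, run it as check_redirect_conf /etc/httpd/conf/httpd.conf after apachectl configtest.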
Saturday, 29 September 2012
Welcome to my blog
Hello everybody and thank you for visiting my blog. I'm a big Linux and open source fan, that's why I've created this blog to write about problems I have encountered during my work on the implementation and administration of different open source services and servers. I hope my solutions will be helpful in your activities or work, and I encourage you to ask questions and create discussions on topics you find interesting. My interests are in general in the information security field, and in all my posts I'll try to find the easiest and most secure solution to a problem. Feel free to criticize me if you think that this is not accomplished or can be accomplished better. I want to apologize in advance for my not so good English; I'm not a native speaker, so be more forgiving when you read my blog. I hope you will enjoy it!