: Mod Rewrite - directing HTTP/HTTPS traffic to the appropriate virtual hosts I have an Apache2 web server (v. 2.2.16) running on Debian hosting three virtual hosts. The first two hosts are HTTP
I have an Apache2 web server (v. 2.2.16) running on Debian hosting three virtual hosts. The first two hosts are HTTP only (server1 and server2). The last host is HTTPS only (server3). My virtual host configuration files can be found at pastebin. I would like to use mod rewrite to get the following behavior:
Any request for server3 is re-directed to server3 Any request for either server1 or server2 is re-directed to server1 or server2 as appropriate.
Currently, requesting server3 gives you a 403 because indexing is disabled for that host and a request for server1 or server2 will resolve as server3 (as its the only virtual host running SSL). This behavior is not desirable.
So far I have added a rewrite rule to the central configuration file (myServerWideConfs.conf), with unfortunately no effect. I was under the impression that this rule (or something similar) should rewrite all requests for server1 and server2 to the proper request.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^server3 [NC]
RewriteRule (.*) %{HTTP_HOST}
My question is two-fold:
What mod rewrite rules should I use to accomplish this? And where should they go? Debian's packaging of Apache has a pretty granular (i.e., fractured) configuration file layout; should my rewrite rules go in /etc/apache2/apache2.conf, /etc/apache2/conf.d/myServerWideConfs.conf, or the individual virtual host files?
Is mod rewrite the right tool to accomplish this or am I missing something in my greater apache configuration?
More posts by @Berumen354
2 Comments
Sorted by latest first Latest Oldest Best
This is tricky. Historically this wasn't possible since SSL didn't permit indicating which virtual host it was attempting to access as it sets up the connection to the designated IP address. This has changed somewhat with Server Name Indication (RFC 4366), a feature of TLS.
Apache has taken a long time to get support for it, but it now does. Your version is new enough it should support it, but you'll need a browser that also does. Before working on the rewrite stuff, I'd start working on making sure that server1.example.com/ returns the right VHost. Once it does that, the Mod-rewrite stuff should just work.
What I do: use vhosts for each site, including a vhost for the variant I want to suppress. This keeps all the configuration for a named site in one place. The duplication of content is minimal thanks to mod_macro.
You want to issue a redirect, not rewrite internally, since the idea is to get the client to retry using the correct protocol. Make sure to only rewrite for GET, since a redirect after POST means data is accepted and you only want to really deal with people using the wrong scheme in their web-browser -- API users should be using the correct interface.
So:
<IfModule mod_rewrite.c>
<VirtualHost 192.0.2.1:80 [2001:db8::1234:1]:80>
ServerName example.org DocumentRoot /www/sites/empty-stub
RewriteEngine on
RewriteCond %{REQUEST_METHOD} =GET
RewriteRule ^(.*) www.example.org [R,L]
</VirtualHost>
</IfModule>
and if you do this a lot, wrap it in a mod_macro <Macro>..</Macro> block so that it becomes:
Use RedirToHTTPS example.org
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.