I'd like to redirect any users on our site if they try to use SSLv3 (if I just disable SSLv3 and a browser like IE6 comes along, I couldn't seem to properly redirect it to an http version of our site with an error message – so I'd like to allow SSLv3, but redirect if they are using it to an error message).
I think I want something like the following:
RewriteCond %{SSL_PROTOCOL} SSLv3
RewriteRule (.*) http://%{SERVER_NAME}/mysite/unsupported_browser.html
Unfortunately, %{SSL_PROTOCOL} always seems to be empty. I'm using Apache 2.2.15 in Centos 6 32 bit. SSL works just fine for the website normally (i.e. https://mysite/mysite/unsupported_browser.html works fine).
there seems to be a bunch of variables that are supposed to be availalbe, but are empty for me (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html).
Anyone have any ideas what I can do?
Best Answer
The solutions for this is:
This works for me :)