I have a system running Apache that directs all HTTP traffic to HTTPS via the Redirect
directive:
<VirtualHost *:80>
Redirect permanent / https://www.example.com/
</VirtualHost>
I would like to have a single URL (/status
, provided by the mod_status
module) accessible via HTTP without the redirect. (This is so I can script our automation system to check Apache's status via localhost and not worry about the precise hostname in the automation rules.)
Question: Is there a way to exempt a single URL from the Redirect
directive, without modifying that Redirect
directive?
I know I can get the behavior I want by changing the VirtualHost
definition above to the following:
<VirtualHost *:80>
RedirectMatch permanent ^(/(?!server-status).*)$ https://www.example.com$1
</VirtualHost>
(This is the solution from question 317890)
I don't want to do that, though, because I want the automation rules controlling the mod_status
page to be independent of the rules controlling the redirects. (Not all managed systems have the same redirects, for one thing.)
Ideally, I'd like to have a single line or set of lines that I can just drop into a config file alongside the mod_status
configuration that says, basically, "I don't care what other configuration you see, always let http://localhost/status
through to be handled by mod_status
without any redirects."
I can adjust the order of the directives to put my various configuration pieces (the redirect, the mod_status
config, the hypothetical answer to my question) in any order necessary.
I'm running RHEL 6 and RHEL 7 systems, so I've got a mix of Apache 2.2 and 2.4 (but if something only works with 2.4, I can grudgingly deal with it).
Best Answer
No
(at least with the exception of the method you have already described or fronting all your servers with a big TLS terminating content manager).
Further, even if it were possible, you need to perform major surgery on any browser which has ever seen a 301 redirect in order to stop them remembering (301 redirects are cached indefinitely).
What have you got against fetching your status page via HTTPS?