Force HTTPS with mod_rewrite, including proxied SSL

apache-2.2mod-rewrite

I've got a server getting some traffic from an SSL terminating load balancer- in which case it comes in as HTTP over port 80 with a http_x_forwarded_proto = "https"

I want a mod_rewrite rule that only allows direct HTTPS traffic or forwarded HTTPS traffic.

I have this so far:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:http_x_forwarded_proto} != https
RewriteCond %{HTTP:http_x_forwarded_proto} != HTTPS
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

but I'm getting

RewriteCond: bad flag delimiters

error.

What do I need to correct to get this working, and is this the best approach?

Best Answer

The problem was the whitespace after the "!=":

Working version:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

tricky...

Related Solutions

Tomcat – Apache2 – mod_expire and mod_rewrite not working in httpd.conf – serving content from tomcat

Probably the ProxyPass / directive you have in your config routes all requests to the Tomcat backend, bypassing all your mod_rewrite directives. You can try to remove the ProxyPass directive and use RewriteRule with the [P] flag after your other rewrites:

mod_rewrite: P|proxy

For the expire headers the situation is worse — in another similar question a solution was not found.

Option +FollowSymLinks would be needed for using mod_rewrite in .htaccess files; in your case it is not required, because you can put everything in the Apache config. Moving rules from config to .htaccess is pointless and can only make things slower. However, there is an important difference between .htaccess and the Apache config — in .htaccess patterns in RewriteRule are matched against relative filesystem paths (which never start with /), while in the VirtualHost context these patterns are matched against the URL path after the hostname, which always starts with /. Therefore at least one of your rules is incorrect:

RewriteRule ^content/(js|css)/([a-z]+)-([0-9]+)\.(js|css)$ /content/$1/$2.$4

should be

RewriteRule ^/content/(js|css)/([a-z]+)-([0-9]+)\.(js|css)$ /content/$1/$2.$4

(note the additional slash in the beginning).

Linux – Redirect non-www ssl traffic to www ssl (apache)

I can't see anything wrong with your rewrite rule. Are you sure :

RewriteEngine on

has been specified and this config is definitely being executed? Is it in a .htaccess file?

Try setting up a rewrite log it can help:

http://www.latenightpc.com/blog/archives/2007/09/05/a-couple-ways-to-debug-mod_rewrite

Best Answer

Related Solutions

Tomcat – Apache2 – mod_expire and mod_rewrite not working in httpd.conf – serving content from tomcat

Linux – Redirect non-www ssl traffic to www ssl (apache)

Related Topic