Global Redirection of port 80 to 443

apache-2.2httpsredirectshell-scripting

I'd like to setup my linux box so that anything hitting port 80 would simply be told ask that of 443. I want it to be regardless of domain, IP or whatever specific details may exist. If it can be requested of port 80, it should be told nope. We do that on 443.

I'll be using Apache on 443 so could bind it to 80 easy enough, but don't see the solution as having to include Apache on port 80.

To be clear, I'm looking for a solution that would require no changes to the vhosts. I understand global redirects that can be passed down with inheritance. That requires vhost changes. I'm looking for something more all-encompassing and less prone to "Oops, I forgot that line and now port 80 is exposing my data unencrypted."

How would you go about solving that problem? iptables, apache, custom shell script with netcat and some magic to make it go SSL?

Best Answer

Try adding this to your httpd.conf;

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

From here - >http://www.sslshopper.com/apache-redirect-http-to-https.html

This uses mod_rewrite so make sure you have that installed beforehand.

The recommended method is as you state to set this in the VHOST file for each site as described here;

http://wiki.apache.org/httpd/RedirectSSL

However, the Apache wiki does document the above rewrite method on more detail;

http://wiki.apache.org/httpd/RewriteHTTPToHTTPS

Related Solutions

Ssl – Apache: rewrite port 80 and 443 – multiple SSL vhosts setup

Remember that when you make an HTTPS connection to https://domain2.org (which is really a connection to https://domain2.org:443), the order is roughly

Browser opens connection to IP on port 443
Apache looks for a VirtualHost matching the combination IP:443
In this case it finds the VirtualHost for domain1.org
Apache sends the SSL certificate associated with that VirtualHost (i.e. the cert for domain1.org)
[The rest of the SSL negotiation]
Browser sends its HTTP request headers, including the Host: header telling Apache what domain it thinks it's talking to.
If applicable, mod_rewrite processing of the HTTP request headers happens here.

i.e. when Apache decides which certificate to send, it hasn't yet received the information that mod_rewrite would use to do the redirect.

To get around this you'd need a single certificate that was valid for both domains. This could be either a wildcard certificate (if the situation is domain1.example.com and domain2.example.com, get a certificate for *.example.com), or you could try to get an SSL certificate with a Subject of "domain1.org", but a Subject Alternate Name of "domain2.org".

In either case you'd need to do the redirection in the main Apache config files - if it's in a .htaccess file in domain2.org's DocumentRoot, then requests that use domain1.org's VirtualHost will go to a different DocumentRoot directory, and won't ever see the file.

Phptheadmin login redirect fails with custom ssl port

An old version of phpmyadmin that I have lying around has this in /phpmyadmin/config.inc.php

$cfg['PmaAbsoluteUri'] = 'http://127.0.0.1/phpmyadmin';

You could try changing the http to https(and other values appropriately) and see if that makes a difference.

Best Answer

Related Solutions

Ssl – Apache: rewrite port 80 and 443 – multiple SSL vhosts setup

Phptheadmin login redirect fails with custom ssl port

Related Topic