Linux – Forced HTTPS Causes request to change from POST to GET

apache-2.2httpslinuxUbuntu

I recently implemented the following virtual host settings in my apache2.conf file:

   # force HTTPS
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteCond %{REQUEST_URI} !^/path1.html
    RewriteCond %{REQUEST_URI} !^/path2.html
    #RewriteCond %{REQUEST_URI} ^/path3.html
    #RewriteCond ${REQUEST_URI} !^/index.html
    RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

One of the services that I'm integrating with communicates with my service using HTTP POST. However, they noticed that since implementing this config and making a call to http://, when my server forces the call to be made over https, the request type is changed from POST to GET and the POST messages are dropped. I was wondering if there was a way to update this code to force the original POST/GET method to be kept intact.

Best Answer

The calling service is broken, but there's not much you can do about it unless you can fix the caller. From RFC 2616:

Note: When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously change it into a GET request.

Your options are:

Fix the calling service so that it follows redirects properly.
Have the calling service use the https URL.
Don't redirect http to https for this service.

Related Solutions

Tomcat – Apache2 – mod_expire and mod_rewrite not working in httpd.conf – serving content from tomcat

Probably the ProxyPass / directive you have in your config routes all requests to the Tomcat backend, bypassing all your mod_rewrite directives. You can try to remove the ProxyPass directive and use RewriteRule with the [P] flag after your other rewrites:

mod_rewrite: P|proxy

For the expire headers the situation is worse — in another similar question a solution was not found.

Option +FollowSymLinks would be needed for using mod_rewrite in .htaccess files; in your case it is not required, because you can put everything in the Apache config. Moving rules from config to .htaccess is pointless and can only make things slower. However, there is an important difference between .htaccess and the Apache config — in .htaccess patterns in RewriteRule are matched against relative filesystem paths (which never start with /), while in the VirtualHost context these patterns are matched against the URL path after the hostname, which always starts with /. Therefore at least one of your rules is incorrect:

RewriteRule ^content/(js|css)/([a-z]+)-([0-9]+)\.(js|css)$ /content/$1/$2.$4

should be

RewriteRule ^/content/(js|css)/([a-z]+)-([0-9]+)\.(js|css)$ /content/$1/$2.$4

(note the additional slash in the beginning).

Ubuntu – How to Skip Interactive Post-Install Configuration Steps in APT-GET

You can do a couple of things for avoiding this. Setting the DEBIAN_FRONTEND variable to noninteractive and using -y flag. For example:

export DEBIAN_FRONTEND=noninteractive
apt-get -yq install [packagename]

If you need to install it via sudo, use:

sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install [packagename]

Best Answer

Related Solutions

Tomcat – Apache2 – mod_expire and mod_rewrite not working in httpd.conf – serving content from tomcat

Ubuntu – How to Skip Interactive Post-Install Configuration Steps in APT-GET

Related Topic