Rewrite of Insecure to Secure Domain with Wildcard

apache-2.4httpd.conf

I'm looking for the proper way to handle redirecting of insecure (via port 80) requests to secure (port 443) with Apache server config. I do not want to put this in my .htaccess file either.

Currently I have this in my httpd.conf file:

ServerName example.com
ServerAlias *.example.com

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(.+)\.example\.com$
RewriteRule ^(.*)$ https://%1.example.com/$1 [R=302,L]

The goal is to do a wildcard (in subdomain and subfolder) redirect. To be specific, here are some major use cases:

 - http://subdomain.example.com to https://subdomain.example.com
 - http://example.com to https://www.example.com
 - http://www.example.com/contact/ to https://www.example.com/contact
 - http://subdomain.example.com/contact/ to https://subdomain.example.com/contact

In short, simply replacing http with https as long as two conditions meet:

The requested URI contains mydomain.com
The requested URI is not already secure (http traffic only)

I've tried numerous different methods but nothing seems to capture all variations of subdomains and subfolders, much to my surprise.

Any ideas? Thanks!

Best Answer

A simple virtual host is the best way to catch all the HTTP requests. Then you cannot accidentally redirect HTTPS requests. Something like.

<VirtualHost *:80>
   ServerName example.com
   ServerAlias *.example.com

   # Redirect subdomains.
   RewriteEngine on
   RewriteCond %{HTTP_HOST} (\w+.example.com)
   RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]

   # Everything else to www.example.com preserving URI path
   Redirect 301 / https://www.example.com/
</VirtualHost

Related Solutions

Tomcat – Apache2 – mod_expire and mod_rewrite not working in httpd.conf – serving content from tomcat

Probably the ProxyPass / directive you have in your config routes all requests to the Tomcat backend, bypassing all your mod_rewrite directives. You can try to remove the ProxyPass directive and use RewriteRule with the [P] flag after your other rewrites:

mod_rewrite: P|proxy

For the expire headers the situation is worse — in another similar question a solution was not found.

Option +FollowSymLinks would be needed for using mod_rewrite in .htaccess files; in your case it is not required, because you can put everything in the Apache config. Moving rules from config to .htaccess is pointless and can only make things slower. However, there is an important difference between .htaccess and the Apache config — in .htaccess patterns in RewriteRule are matched against relative filesystem paths (which never start with /), while in the VirtualHost context these patterns are matched against the URL path after the hostname, which always starts with /. Therefore at least one of your rules is incorrect:

RewriteRule ^content/(js|css)/([a-z]+)-([0-9]+)\.(js|css)$ /content/$1/$2.$4

should be

RewriteRule ^/content/(js|css)/([a-z]+)-([0-9]+)\.(js|css)$ /content/$1/$2.$4

(note the additional slash in the beginning).

How to use a virtual host to redirect https subfolders to different ports in apache

This did it:

<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias secure.mydomain.com
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    SSLEngine on
    SSLProxyEngine On
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
    SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
    SSLCACertificateFile /etc/apache2/ssl/ca.pem

    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass /myapp/ http://127.0.0.1:8112/
    <Location /myapp/>
      ProxyPassReverse /
      ProxyPassReverseCookiePath / /myapp/
        #Some web services may or may not require an additional specific header variable
        # or additional internal configuration settings when located at a subfolder
        #In my case for example myapp specifically required a header variable to be set
        # with the new subfolder base as follows
        RequestHeader set X-myapp-Base "/myapp/"
      Order allow,deny
      Allow from all
    </Location>
</VirtualHost>

In this solution the web service will react as though it's responding on http and the apache reverse proxy will handle the ssl so that the service will appear as https to the user.

This may break some services or websites that are http/https aware. Wordpress for example would require the X-forwarded-for variable to be added to the header in a similar way to the example above.

Best Answer

Related Solutions

Tomcat – Apache2 – mod_expire and mod_rewrite not working in httpd.conf – serving content from tomcat

How to use a virtual host to redirect https subfolders to different ports in apache

Related Topic