RedirectSSL

(!) THIS IS A SCRATCHPAD DOCUMENT, PLEASE CONSIDER THIS WHEN READING ON (!)

Redirect Request to SSL

Let's say you want [WWW] http://www.example.com/secure/ to always be sent over SSL (I presume here that both the normal and the SSL vhost have the same content). You could do this by linking to the correct page from within your HTML pages... but there will always be some user who will sneak by it that way.

  1. Redirect Request to SSL
      1. Using virtual hosts (using redirect)
      2. Using mod_rewrite

Using virtual hosts (using redirect)

When using SSL, you will frequently have at least two virtual hosts: one on port 80 to serve ordinary requests, and one on port 443 to serve SSL. If you wish to redirect users from the non-secure site to the SSL site, you can use an ordinary [WWW] Redirect directive inside the non-secure VirtualHost: 

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs
   Redirect permanent /secure https://mysite.example.com/secure
</VirtualHost>

<VirtualHost _default_:443>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

Note: redirect can also be used inside .htaccess files or to address particular URLs, as in:

Example: 

   Redirect permanent /login https://mysite.example.com/login

Using mod_rewrite

While the <VirtualHost> solution is recommended because it is simpler and safer, you can also use mod_rewrite to get the same effect as described here: RewriteHTTPToHTTPS

last edited 2007-10-24 15:49:46 by slive