To avoid this issue in IIS, we used two separate rules in the correct order. The first rule redirect host to host.domain.com. The next rule in the sequence was the HTTPs redirect rule. -D
On Thu, Mar 12, 2015 at 2:29 PM, Robert Hajime Lanning <lann...@lanning.cc> wrote: > If you access the site via https://webserver01, then the certificate > mismatch error will happen before the HTTP transaction (and redirect) can > happen. > > This is the same for http://webserver01, since your redirect to HTTPS > does not rewrite the hostname. > > > On 03/12/15 11:01, Will Dennis wrote: > >> Hi all, >> >> I have an Apache site running that should only be accessed via HTTPS. >> What we wish to ensure is that if the site is called by it's DNS >> shortname (example, `https://webserver01` rather than >> `https://webserver01.mycompany.com`, that the URL request is rewritten >> to be for "https://webserver01.mycompany.com";, and also if the URL has >> the `http://` protocol, that is rewritten to `https://`. >> >> In the conf file for this site, we have the following rewrite rules: >> >> (in httpd.conf:) >> >> <VirtualHost *:80> >> >> RequestHeader set X-Forwarded-Proto "http" >> >> RewriteEngine On >> >> RewriteCond %{HTTP:X-Forwarded-Proto} !https >> >> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L] >> >> </VirtualHost> >> >> (and in the include file ssl.conf:) >> >> RewriteEngine on >> >> RewriteCond %{HTTP_HOST} !^webserver01\.mycompany\.com [NC] >> >> RewriteCond %{HTTP_HOST} !^$ >> >> RewriteRule ^(.*)$ https://webserver01.mycompany.com$1 [r=301,nc] >> >> What is happening is that if I call the site as >> `http://webserver01.mycompany.com`, the URL is indeed transformed into >> `https://webserver01.mycompany.com` and the SSL connection works fine >> (no errors.) However, if I form the URL as either `http://webserver01` >> or `https://webserver01`, it does not get rewritten correctly (it does >> switch the proto to HTTPS, but doesn't rewrite the rest of the URL), and >> I get a resulting SSL error (`NET::ERR_CERT_COMMON_NAME_INVALID` in >> Chrome) since the certificate has the common name of >> `webserver01.mycompany.com`. >> >> I have tested the ssl.conf rewrite rule via the site >> http://htaccess.madewithlove.be/ and it is doing the correct rewrite... >> So is it a order-of-operations problem or something? (Please excuse my >> ignorance with Apache and mod_rewrite, haven't had to admin an Apache >> site for many moons now...) >> > > -- > Mr. Flibble > King of the Potato People > http://www.linkedin.com/in/RobertLanning > _______________________________________________ > Tech mailing list > Tech@lists.lopsa.org > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ >
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
