Thanks Robert - was just typing up the followup, which said:
-----
I guess I could cover the "http://webserver01" URL case with changing the 
httpd.conf rewrite to:
RewriteRule   (.*) https://webserver01.mycompany.com%{REQUEST_URI} [R,L]

...and I guess I'm out of luck with the "https://webserver01" URL case, right? 
(since the SSL handshake precedes the HTTP transaction)
-----

So it looks like I do indeed understand now ;)

Thanks for your kind assistance!
Will


-----Original Message-----
From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On 
Behalf Of Robert Hajime Lanning
Sent: Thursday, March 12, 2015 4:33 PM
To: tech@lists.lopsa.org
Subject: Re: [lopsa-tech] Apache rewrite rule not transforming URL as desired

I just forgo the RewriteCond in *:80 and use:
RewriteRule   ^ https://fully.qualified.name%{REQUEST_URI} [R,L]

If you get a connection on port 80 and you are not configured to talk SSL on 
that port, and you want EVERYTHING to use HTTPS, then just one rewrite rule 
works great.

For *:443 it is a lot harder...

SSL happens before HTTP, as the HTTP transaction is conducted within the SSL 
tunnel.  SSL does not allow for the negotiation of the hostname. So, outside of 
Subject Alternative Name entries in the certificate, the connection MUST be made 
using the proper hostname.

Unless both the server and client support SNI.
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

On 03/12/15 12:38, Derek Murawsky wrote:
> To avoid this issue in IIS, we used two separate rules in the correct 
> order. The first rule redirects host to host.domain.com. The next rule 
> in the sequence was the HTTPS redirect rule.
> -D

--
Mr. Flibble
King of the Potato People
http://www.linkedin.com/in/RobertLanning
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators  
http://lopsa.org/
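
Added example, not part of the original thread: the two cases discussed above as one httpd configuration. The hostname webserver01.mycompany.com is the one used in the thread; the certificate paths are placeholders, and the port 443 block assumes the certificate lists the short name as a Subject Alternative Name.

```apache
# Added example; certificate paths are placeholders.

# Port 80: no TLS is involved, so every request (short name or FQDN)
# can be redirected unconditionally to the canonical HTTPS URL.
<VirtualHost *:80>
    ServerName  webserver01.mycompany.com
    ServerAlias webserver01
    RewriteEngine On
    RewriteRule ^ https://webserver01.mycompany.com%{REQUEST_URI} [R,L]
</VirtualHost>

# Port 443: the rewrite below runs only after the TLS handshake has finished.
# A client that asked for https://webserver01/ has already accepted or
# rejected the certificate by then, so this redirect is warning-free only if
# the certificate carries "webserver01" as a Subject Alternative Name
# (assumption: issued by an internal CA that permits short names).
<VirtualHost *:443>
    ServerName  webserver01.mycompany.com
    ServerAlias webserver01
    SSLEngine On
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem

    RewriteEngine On
    # Redirect any Host header that is not the canonical FQDN.
    RewriteCond %{HTTP_HOST} !^webserver01\.mycompany\.com(:443)?$ [NC]
    RewriteRule ^ https://webserver01.mycompany.com%{REQUEST_URI} [R,L]
</VirtualHost>
```

Without the short name in the certificate, the port 443 rule still fires, but only for clients that clicked through the name-mismatch warning first.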