Apache: prevent SSL forwarding of a specific URL

Asked

Viewed 874 times

2

My server (Apache 2x) is working correctly with SSL certificate but need to prevent that only a single URL accept normal connection (HTTP only).

The current structure is like this (it is messy due to tests already performed)

<VirtualHost *:80>
            ServerName domain.com
            ServerAlias www.domain.com

            #Redirect permanent / https://domain.com/

        <IfModule mod_rewrite.c>
                    RewriteEngine on
                    RewriteCond %{HTTPS} on
                    #RewriteCond %{SERVER_NAME} =domain.com
                    RewriteCond %{REQUEST_FILENAME} !-f
                    RewriteCond %{REQUEST_FILENAME} !-d
                    RewriteCond $1 !^/complemento/url [NC]
                    RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
        </IfModule>
            Redirect permanent / https://domain.com/
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
            ServerAdmin [email protected]
            ServerName domain.com
            ServerAlias www.domain.com
            DocumentRoot /var/www/html

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            SSLEngine on

            SSLCertificateFile      /home/domain/domain.com.crt
            SSLCertificateKeyFile /etc/apache2/ssl/domain.key
            SSLCertificateChainFile /home/domain-bundle.crt

            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>

            <Directory /var/www/html>
                    Options FollowSymLinks
                    AllowOverride All
            </Directory>
    </VirtualHost>
</IfModule>

This way it doesn’t work. How to proceed?

  • I’m sorry, but I don’t understand exactly which Urls should be redirected and which should not. Could you please illustrate better?

  • @Henriquemarti ALL URL’s must be HTTPS. Only ONE must be normal (HTTP).

  • 1

    @Henriquemarti being more didactic: Any site URL www.example.com should be HTTPS, but the URL (and only it) www.example.com/url-specifics should be normal (HTTPS)

  • Try these two answers: resposable 1 answer 2

2 answers

2

Take this example:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ErrorLog /var/log/apache2/error.log

        DocumentRoot /var/www/html

        RewriteEngine On
        RewriteCond %{REQUEST_URI} !^/complemento/url/?$
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

Where:

No need to use the Redirect permanent / https://domain.com/

  • Apparently the solution worked because I can already access without redirecting. However the page is returning error 404. What can be?

  • 404 is that it did not find content to display, for example, if the directory you are using is the default one, check if there is an index in: /var/www/html/complemento/url

  • Yes, the path is correct. So much so that when I access the same address plus HTTPS it opens normal, but when I remove HTTPS, it gives 404

  • I edited the answer, was missing inform the DocumentRoot.

  • I made some changes, but I still can’t make it work right. Now it’s conflicting with . Cakephp htaccess and redirecting the address to .../app/webroot/... and then adding HTTPS again.

-1


I solved the problem as follows:

  • I removed the redirect from the default-ssl.conf (Apache)
  • Because it’s a Cakephp system, I edited . htaccess into /app/webroot and inserted the redirect there, staying as below

    <IfModule mod_rewrite.c>
        RewriteEngine On
    
        RewriteCond %{HTTPS} on
        RewriteCond ${REQUEST_URI} ^/reports/producao_logs/add/[a-zA-Z0-9]+?$
        RewriteRule http://{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [L]
    </IfModule>
    

I had to proceed this way because the previous solutions were redirecting to http://domain.com/app/webroot/address, and with that, he did not recognize the rule and ended up playing for HTTPS again (in addition to generating error in Cakephp itself).

Browser other questions tagged

You are not signed in. Login or sign up in order to post.