apache url rewriting problem

david hu
Ranch Hand

Joined: Jul 20, 2001
Posts: 143
I am setting up apache to do url rewriting. What I want to do is that if the user types the address of my website, say, http://mysite49.com, I wish the browser to automatically change the url to https://mysite49.com. I have the following questions:

1) Do I have to open two ports, both 80 and 443 (for https)?
2) How do I implement this functionality?

Thanks,

David
Stu Thompson
Hooplehead
Ranch Hand

Joined: Jun 14, 2006
Posts: 136
Hi David,

I think that is a redirection rather than a URL rewriting question. (My understanding is that the term 'URL rewriting' does not apply to the protocol and server name portion of a URL.)

This is important in your context because if the initial connection to the server from the client is with HTTP then it cannot be internally switched by httpd to HTTPS. Why? Because the client will need to initiate a new HTTPS connection to get all that SSL stuff done first before httpd can start reading headers and stuff.

The redirection can be accomplished quickly with a simple HTML file with redirection meta tags. Or you could have a script on your web server that does an HTTP redirection. I'd recommend the latter because it is arguably more efficient to do so at a lower level.

Hope that helps.

Stu
[ September 21, 2006: Message edited by: Stu Thompson ]

"This is not to say that design is unnecessary. But after a certain point, design is just speculation." --Philip Chu
david hu
Ranch Hand

Joined: Jul 20, 2001
Posts: 143
Sorry, I might not have made my problem clear. What I am trying to discuss is that I want to put the "RewriteEngine" directive in my apache config, so that if somebody types http://my_website_name.com, the url will be automatically changed to https://my_website_name.com; thus I want to force the user to use https instead of http.

Here is what I put in the config httpd.conf of apache (it is working):

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*) https://my_website_name.com$1 [L,R]

However, my question is:

Do I need to open two ports: both 80 and 443 for my apache? Is it possible to only open port 443 if I am trying to achieve the above?

Thanks,

David
Stu Thompson
Hooplehead
Ranch Hand

Joined: Jun 14, 2006
Posts: 136
Hi David,

My post stands. Rewrite is all server side, redirect involves both client and server. One cannot URL rewrite from HTTP to HTTP.

You will need to do a redirect. Your rewrite rule will not work.

To answer your second question, yes...you will need both ports open.

You will also need to brush up on the mechanics of HTTP and HTTPS to understand why. If I have time then tomorrow I could go into more depth.

Stu
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41068
    
Actually, the mod_rewrite module which is used here can do either redirect or rewrite, so, yes, it is possible to change from HTTP to HTTPS in this way. As far as HTTP is concerned, that is a client-side redirect, though.

And, like Stu says, both ports need to be open, because how would Apache ever see the HTTP request if port 80 wasn't open?


Stu Thompson
Hooplehead
Ranch Hand

Joined: Jun 14, 2006
Posts: 136
Hi Ulf,

Not saying I don't believe you, but please explain how it would work. Everything I know about HTTP, HTTPS, and URL rewriting says it is not possible.

(Then again, I am weak on URL rewriting.) Specifically, how does the protocol negotiation take place?

If I have it wrong I will gladly eat my boot. :p

Stu
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41068
    
I'm not up on the internals of mod_rewrite (i.e., how it works internally), but it can do either a rewrite (kind of like a forward) or a redirect (roundtrip to the client and back). The latter can be used to catch HTTP URLs and redirect to the appropriate HTTPS URL (but as far as Apache/mod_rewrite is concerned, it would still be a "rewrite", because that's what mod_rewrite does).

Like you suggest, I think there would be difficulties forwarding an HTTP request to an HTTPS address. But actually, come to think of it, mod_rewrite might just send an HTTPS request, and then return its results to the client via HTTP, thus completely masquerading the use of HTTPS. I'm not sure if that's really possible, though.
Stu Thompson
Hooplehead
Ranch Hand

Joined: Jun 14, 2006
Posts: 136
OK, if mod_rewrite can force a roundtrip to the client then it would work. But that would really be a redirection...based on a rewritten URL, yes, but a redirection nonetheless.

If mod_rewrite were to proxy the request to https and send the response back to the client over http...then, well...that sorta defeats the purpose. :p What benefit would there be to do this? It is definitely not secure.

David: The S in HTTPS is for secure (duh). The security is implemented via SSL. SSL sits just below HTTP on the network stack. That is important because the SSL negotiation (public and then private key exchange) must occur before the HTTP request and response(s) are read and written. Also note that the client must initiate the negotiation. The server cannot decide, after receiving a client HTTP request, that it suddenly wants everything encrypted.

Again, if I have any of this wrong then I'll eat my boot.
[ September 22, 2006: Message edited by: Stu Thompson ]
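
What the [R] redirect in David's rule looks like from the client side, as an added Python example that is not part of the original thread: a loopback listener stands in for Apache on port 80, and the handler, function name and sample cookie are constructed for illustration. It shows that the server can only answer with a 302 after the full request, path and cookie included, has arrived unencrypted, which is why port 80 has to stay open and why the client, not the server, starts the HTTPS connection.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

HTTPS_ORIGIN = "https://my_website_name.com"  # redirect target from the thread's RewriteRule


class RedirectHandler(BaseHTTPRequestHandler):
    """Stand-in for the port-80 side of: RewriteRule ^(.*) https://...$1 [L,R]"""

    def do_GET(self):
        # By the time a redirect can be sent, the request line and headers
        # have already crossed the network without encryption.
        self.server.seen.append((self.path, self.headers.get("Cookie")))
        self.send_response(302)  # [R] with no status code means 302
        self.send_header("Location", HTTPS_ORIGIN + self.path)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def first_hop(path, cookie):
    """Send one plain-HTTP request to a loopback listener.

    Returns (status, Location header, what the listener read in cleartext).
    """
    server = HTTPServer(("127.0.0.1", 0), RedirectHandler)  # port 0: any free port
    server.seen = []  # constructed attribute used only by this demo
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request("GET", path, headers={"Cookie": cookie})
        resp = conn.getresponse()  # http.client never follows redirects itself
        resp.read()
        conn.close()
        return resp.status, resp.getheader("Location"), server.seen
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    status, location, seen = first_hop("/account?id=7", "session=constructed-value")
    print(status, location)
    print("readable on the plain-HTTP hop:", seen)
```
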
Stu Thompson
Hooplehead
Ranch Hand

Joined: Jun 14, 2006
Posts: 136
PS: I gather www.boh.com is exactly what David wants to do.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Matt Bad:
I have a similar question about mod_rewrite:

The request is https://my_reverse_proxy.com, and I want to use mod_rewrite to forward
the request to https://my_internal_app.com.

The client browser cannot access https://my_internal_app.com directly. Is it possible?





Matt,
Please start a new thread with your question.
Most people aren't going to scroll all the way to the bottom of an old thread to look for a new question.
Also, if this discussion is still active, asking another question would be considered thread hijacking; a very rude thing to do.

-Ben


david hu
Ranch Hand

Joined: Jul 20, 2001
Posts: 143
Stu, you are right ("PS: I gather www.boh.com is exactly what David wants to do."). That is exactly what I want to do.

What I implemented works the same way as www.boh.com does. What security concern can you suggest? I personally think it is secure for all pages between client and server.
 