Ok I have an apache IBM HTTP Server WAS 6.1 setup
I have my certs correctly installed and can successfully load http and https pages.
After a successful j_security_check authentication via https I want the now authorized page (and all subsequent pages) to load as http
I want this all to work with mod_rewrite because I don't want to change application code for something that really should be simple to do on the webserver.
I would think this would work but it doesn't and I fear it's because j_security_check is bypassing mod_rewrite somehow.
RewriteCond %{HTTPS} =off
RewriteCond %{THE_REQUEST} login\.jsp.*action=init [OR]
RewriteCond %{THE_REQUEST} login\.jsp.*action=submit
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L] <<-- this rule is working
RewriteCond %{HTTPS} =on
RewriteCond %{THE_REQUEST} !login\.jsp.*action=init [OR]
RewriteCond %{THE_REQUEST} !login\.jsp.*action=submit
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R,L] <--- this rule is not working or the condition is not returning true
I know the [R,L] will force the executed rule to be the last rule to run on a request and redirect accordingly.
I found this little jewel after a little googleing.
mod_rewrite: My rules are ignored. Nothing is written to the rewrite log.
The most common cause of this is placing mod_rewrite directives at global scope (outside of any VirtualHost containers) but expecting the directives to apply to requests which were matched by a VirtualHost container.
In this example, the mod_rewrite configuration will be ignored for requests which are received on port 443:
RewriteEngine On
RewriteRule ^index.htm$ index.html
<VirtualHost *:443>
existing vhost directives
</VirtualHost>
Unlike most configurable features, the mod_rewrite configuration is not inherited by default within a <VirtualHost > container. To have global mod_rewrite directives apply to a VirtualHost, add these two extra directives to the VirtualHost container:
<VirtualHost *:443>
existing vhost directives
RewriteEngine On
RewriteOptions Inherit
</VirtualHost>
Adding the Inherit declaration to my single virtualhost declaration that points to the machine ip and port 443 did NOT help one bit.
Now I know that my app server communicates on 9080 and 9443 respectively but I can't find a single virtualhost in the web server httpd.conf
I did some testing with different rewrite rules while not authenticated and saw that my mod rewrite code worked.. So how do I make websphere use mod rewrite after authentication? It's like the web server is only used for unauthenticated requests and after that some blackbox container serves up everything somehow.