tags:

views:

82

answers:

2
+1  Q: 

Problem with redirecting *.example.com & example.com to www.example.com for HTTPS

We have a site I'll call example.com. Most of the time you see http://www.example.com and sometimes we redirect you to https://www.example.com.

We want to redirect anyone going to http://example.com or http://*.example.com to http://www.example.com, and the same for https. (It's mainly to avoid the alert you get if you go to https://example.com instead of https://www.example.com)

Our vhost file is at the end of the post. It works nicely except for one strange behavior:

It's this last result I can't fathom. I've tried a lot of trial and error solutions from Google & Stack Overflow but nothing seems to change it. Even if we swap the order of the configurations (so that 443 is before 80) it still redirects https://foo.example.com to http://www.example.com

We are running Apache/2.2.12 on Ubuntu.

Here's the configuration file:

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com *.example.com
    ServerSignature On
    DocumentRoot /var/www/example.com/public
    RailsEnv 'production'
    PassengerHighPerformance on
    <Directory /var/www/example.com/public>
         AllowOverride all
         Options -MultiViews
    </Directory>
    SSLEngine Off
    CustomLog /var/log/apache2/example.log combined
    ErrorLog /var/log/apache2/example-error.log
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} ^[^\./]+\.[^\./]+$ 
    RewriteRule ^/(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com *.acome.com 
    DocumentRoot /var/www/example.com/public
    RailsEnv 'production'
    PassengerHighPerformance on
    <Directory /var/www/example.com/public>
         AllowOverride all
         Options -MultiViews
    </Directory>
    SSLCertificateFile /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.private.key
    SSLCACertificateFile /etc/ssl/certs/EV_intermediate.crt
    SSLEngine On
    CustomLog /var/log/apache2/ssl-example.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    ErrorLog /var/log/apache2/ssl-example-error.log
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteCond %{HTTP_HOST} ^[^\./]+\.[^\./]+$ 
    RewriteRule ^/(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
</VirtualHost>
A:  
    ServerAlias acme.com *.acome.com

Is that the problem right there? You have misspelled your domain name.

Greg Hewgill  2010-05-13 22:53:30
Unlikely to be the problem - I don't think acme.com is his ACTUAL domain name. :)
Evgeny  2010-05-13 22:59:39
Yes, but this nicely illustrates the problem with asking for help using fake data. The OP hasn't shown us the *real* problem.
Greg Hewgill  2010-05-13 23:06:41
A: 

Thanks to everyone who took the time to read the question, or (even better) to try and help. It's what makes Stack Overflow such a useful resource.

We re-read TFM, learnt a bit more about Apache rewrite and here's the answer.

Problem #1: The rewrite rules (taken from Google) were designed to only redirect acme.com to www.acme.com, not any other sub-domain.

Problem #2: For some reason, Chrome was redirecting to http://www.acme.com by itself. When we removed the rewrite rules completely, the described behavior still happened.

Solution: Change the rewrite rules to actually catch any sub-domain other than www.

See below for a working solution.

There remains one issue. if you go to https://acme.com (or any sub-domain), some browsers will throw a warning saying the SSL certification does not match before redirecting you. The only way to fix this is to get a wildcard cert. As we're using an Extended Validation cert that was already very expensive we're just going to have to live with that warning for now. Would love to hear about any workarounds that would avoid showing an invalid cert warning before redirection.

<VirtualHost *:80>
    ServerName www.acme.com
    ServerAlias acme.com *.acme.com
    ServerSignature On
    DocumentRoot /var/www/acme.com/public
    RailsEnv 'production'
    PassengerHighPerformance on
    <Directory /var/www/acme.com/public>
         AllowOverride all
         Options -MultiViews
    </Directory>
    SSLEngine Off
    CustomLog /var/log/apache2/acme.log combined
    ErrorLog /var/log/apache2/acme-error.log
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} ^/(stats/|missing\.html|failed_auth\.html|error/).* [NC]
    RewriteRule .* - [L] 
    RewriteCond %{ENV:REDIRECT_STATUS} 200
    RewriteRule .* - [L]
    RewriteCond %{HTTP_HOST} !^www\.[a-z-]+\.[a-z]{2,6} [NC]
    RewriteCond %{HTTP_HOST} ([a-z-]+\.[a-z]{2,6})$     [NC]
    RewriteRule ^/(.*)$ http://www.%1/$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName www.acme.com
    ServerAlias acme.com *.acme.com
    DocumentRoot /var/www/acme.com/public
    RailsEnv 'production'
    PassengerHighPerformance on
    <Directory /var/www/acme.com/public>
         AllowOverride all
         Options -MultiViews
    </Directory>
    SSLCertificateFile /etc/ssl/certs/www.acme.com.crt
    SSLCertificateKeyFile /etc/ssl/private/acme.com.private.key
    SSLCACertificateFile /etc/ssl/certs/EV_intermediate.crt
    SSLEngine On
    CustomLog /var/log/apache2/ssl-acme.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    ErrorLog /var/log/apache2/ssl-acme-error.log
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteCond %{REQUEST_URI} ^/(stats/|missing\.html|failed_auth\.html|error/).* [NC]
    RewriteRule .* - [L] 
    RewriteCond %{ENV:REDIRECT_STATUS} 200
    RewriteRule .* - [L]
    RewriteCond %{HTTP_HOST} !^www\.[a-z-]+\.[a-z]{2,6} [NC]
    RewriteCond %{HTTP_HOST} ([a-z-]+\.[a-z]{2,6})$     [NC]
    RewriteRule ^/(.*)$ https://www.%1/$1 [R=301,L]
</VirtualHost>
Mat E.  2010-05-14 15:18:48

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP