tags:

views:

836

answers:

1
Q: 

Isapi Rewrite - preserving HTTPS in redirects behind load balancer

Hi,

I'm running a site which has 2 separate sub-domains - one for HTTP and another for HTTPS.

  • http://www.example.com
  • https://secure.example.com

http://secure.example.com does not exist and will not resolve.

The problem is that the site is running behind a load balancer which handles all SSL. Communication between the load balancer and the web servers in always HTTP.

So, when using Isapi Rewrite 3 (a mod_rewrite clone for IIS) to implement some redirects I'm running into a problem.

As far as Isapi Rewrite is concerned HTTPS is turned off - so redirects on secure.example.com are failing.

Say I have a rule which says:

RewriteRule ^/example/$ /test/ [R=301,L]

If I make a request for https://secure.example.com/example/ I would like to end up on https://secure.example.com/test/ but, because Isapi Rewrite sees HTTPS as OFF, I end up on http://secure.example.com/test/.

Is there any way I can force redirects to be to HTTPS if the domain is secure.example.com?

Something along the lines of this:

RewriteCond %{SERVER_NAME} secure.example.com
RewriteRule ^/(.*)$ https://secure.example.com/$1

Except that doesn't work - it immediately forces an explicit redirect, whereas I want to continue processing other RewriteRules.

Thanks,

Stu

+1  A: 

How about smth like this:

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^secure\.mydomain\.com$ [NC]
RewriteRule ^/example/$ https://secure.mydomain.com/test/ [R=301,L]
TonyCool  2009-07-15 11:01:02
Thanks man - that does indeed work! I was hoping there was a way to run that domain check a single time, rather than before each rule - otherwise my .htaccess file is going to become quite bloated! Maybe that's hoping for too much...
stubotnik  2009-07-15 11:14:52
If you put these rules into .htaccess in the root of secure.example.com, you can omit the host check at all.
TonyCool  2009-07-16 06:48:34
I hear you - unfortunately I'm currently restricted to using the same .htaccess file on the secure and www domains. Marking this as the answer - thanks for the help!
stubotnik  2009-07-16 09:25:31

related questions

How to use apache's mod_rewrite rewriterule without changing relative paths
Do you have to restart apache to make re-write rules in the .htaccess take effect?
Apache Redirect only when entering a password
Apache mod_rewrite RewriteRule question
Apache Mod-Rewrite Primers?
apache mod_rewrite one rule for any number of possibilities
Getting IIS6 to play nice with WordPress Pretty Permalinks
How do I use mod_rewrite to change the path and filename of a URL
Mod-rewrites on apache: change all URLs
What are the bare basics you put down when you start a new PHP project?
How to rewrite an URL on a JBoss server?
.htaccess mod rewrite 301-redirect
How to make a web app appear at the root of the site?
How do I use .htaccess to redirect to a URL containing HTTP_HOST?
Using Apache mod_rewrite to remove sub-directories from URL
mod_rewrite equivalent for IIS 7.0
Apache rewrite based on subdomain
Apache - how do I build individual and/or all modules as shared modules
Any negative impacts when using Mod-Rewrite?
mod_rewrite rule to redirect all requests except for one specific path
mod_rewrite to alias one file suffix type to another
Mod-Rewrite loading files behind the DocumentRoot
Using mod_rewrite to Mimic SSL Virtual Hosts?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs