tags:

views:

178

answers:

1
Q: 

Using Apache Rewrite to go from HTTP to HTTPS and vice-versa, but I get a 302 response and my app errors out.

I really hope someone knows what I'm doing wrong here, cuz I sure don't!

We have a certain page on our site which has account balance information on it, and we want to make it secure with SSL. But we only want this one particular page to be secure. I have the following in the localhost:80 virtualhost, and it works perfect:

RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} \/account\.php(.*) [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [QSA,L]


However, as you might guess, we want all other pages to just use HTTP. So I stuck this little snippet into my localhost:443 virtualhost:

RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/account\.php(.*) [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [QSA,L]

...And that's when the problem happens. I have no problems going back to HTTP, but when I click the link to go to the account page, it changes to HTTPS but I immediately get an error 302 response. I do not get this response when I remove either one of those rewrite rules, it only happens when they are both there.

I have tried replacing [QSA] with [R] and [R=301], to no avail.
(I'm aware that the %{HTTPS} on/off is a bit redundant ;))


So I have two questions:

  1. Is there something I am forgetting or doing wrong that might be causing this?
  2. Is using [QSA] redundant with $1? We use the GET method a lot to specify pages and what not.


We are using PHP 5.2.9 and Apache 2.

Many thanks in advance!!


Brian

+1  A: 

Whilst it's on here (and not moved to serverfault).. try

RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/account\.php https://%{HTTP_HOST}/account.php [R=301,QSA,L]

HTTP/1.1 302 = Found (and is not an error code), but temporarily at another location.

EDIT Actually, whilst you are putting the code in separate VirtualHosts, you may as well do

(In :80) 
RewriteRule ^/account\.php https://%{HTTP_HOST}/account.php [R=301,QSA,L]

(in :443)
RewriteCond %{REQUEST_URI} !/account\.php$
RewriteRule ^(.*) http://%{HTTP_HOST}$1 [R=301,QSA,L]
Cez  2010-02-18 09:26:32
Thanks for you input, Cez. While it didn't directly solve my problem, it did help lead me to the solution! I realized that the account.php file was making a function call from another included file, and that was what's causing my "error". Once I added that other file to the RewriteCond it all started working. D'oh!
DondeEstaMiCulo  2010-02-18 11:29:27
Glad to hear that you resolved the problem
Cez  2010-02-18 11:48:08

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP