[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Forcing HTTPS for certain parts of a site

(Yes I know I'm "top-posting".  Deal with it.  If I can adapt after 10 years
of hating it, so can you.)

> >RewriteCond     %{SERVER_PORT}      !^443$
> >RewriteRule     ^/folderToBeSecured/(.*)?$
> >https://%{SERVER_NAME}/folderToBeSecured/$1 [L,R]

You can reverse the ruleset like this:

#      only match sessions on port 443 - note removal of regexp negation
RewriteCond     %{SERVER_PORT}      ^443$
#     match all requests that are NOT in the secure area - note negation of
regexp and removal of terminal match
RewriteCond     !^/folderToBeSecured/
#     now send them back to the non-ssl site
#    - note the "canonical" method of doing so,
#      this removes the necessity to match entire URI in the regexp
#      This isn't necessarily better, just different - maybe even slower,
dunno.
RewriteRule    ^.*$    http://%{SERVER_NAME}/%{REQUEST_URI} [L,R]


-Adam Thompson
 Qunara
 adamt@xxxxxxxxxx

"The great thing about mod_rewrite is it gives you all the configurability
and flexibility of Sendmail. The downside to mod_rewrite is that it gives
you all the configurability and flexibility of Sendmail."
        - Brian Behlendorf, Apache Group


----- Original Message -----
From: "KAMRY" <kamry1888@xxxxxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Sent: Saturday, August 25, 2001 1:41 PM
Subject: RE: [cobalt-developers] Forcing HTTPS for certain parts of a site


> Yes very nice decision, could you post it :)) See I came up with I posted
> after a long search a long time ago, but I don't know how to reverse the
> logic although I thought about this and that what I was looking for, but I
> don't have much knowledge with mod_rewrite and how the order should be and
> what I can add/delete nor I know how to make it http for all other
folders.
>
> I appreciate it if you post the solution.
>
> Kal
>
> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Ted Behling
> Sent: Sat, August 25, 2001 2:28 AM
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-developers] Forcing HTTPS for certain parts of a
> site
>
>
> At 05:13 PM 8/24/01 -0400, KAMRY wrote:
> >I have the following after the rewrite rule in a <v... host>:
> >
> >RewriteCond     %{SERVER_PORT}      !^443$
> >RewriteRule     ^/folderToBeSecured/(.*)?$
> >https://%{SERVER_NAME}/folderToBeSecured/$1 [L,R]
> >
> >
> >Now, the biggest problem is this work pretty well, however if a client
> >clicks on home or services from that page in that secured area then the
> >https will continue on, and this is a burden on the machine.
>
> Well, why don't you just reverse the logic of the above?  "If the hit
comes
> over SSL and it's not in folderToBeSecured, then redirect to non-SSL"
>
> --------------------------------------------------------------------------
> Ted Behling, Web Application Developer - Monarch Information Systems, Inc.
>
> 43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
> E-mail: mailto:TBehling@xxxxxxxxxxxxx
> Phone/Fax: 1-800-842-7894    Local or Outside the USA: 1-843-842-7894
> Cell Phone (urgent issues): 843-816-7895
> Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
> Web site: http://www.MonarchIS.net
> --------------------------------------------------------------------------
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>