Topic: Force users to SSL HTTPS only, not working. Correct method?
mewbie



Joined: 23 May 2009
Posts: 25

Posted: Thu 04 Jun '09 7:09    Post subject: Force users to SSL HTTPS only, not working. Correct method?

using: Linux Debian / apache2-mpm-prefork 2.2.9-10+lenny2
Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0 Server at ********* Port 80

I've been trying for days to redirect/force users to 'https' SSL only, without success. For example, if a user types http://whatever.com they will be redirected to https://whatever.com

I've read and done a variety of things (note I remove what I have done before trying next method):

1.) add to apache2.conf this line:
Redirect permanent / https://my.url.com/

Produces Loop error "redirecting the request for this address in a way that will never complete."

============
2.) Create a .htaccess and put it in webroot (/var/www/.htaccess) (I presently don't use any .htaccess files):
pico /var/www/.htaccess
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

chmod 644 /var/www/.htaccess
/etc/init.d/apache2 reload

Produces this error: "Internal Server Error <The server encountered an internal error or misconfiguration and was unable to complete your request....."

============
Also tried this code in .htaccess and produced same error:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://myurl.com/$1 [R,L]

============
3.) Read to add this line to apache2.conf:
LoadModule rewrite_module modules/mod_rewrite.so

Produced this error: Cannot load /etc/apache2/modules/mod_rewrite.so into server: /etc/apache2/modules/mod_rewrite.so: cannot open shared object file: No such file or directory failed!

As suspected as I can't find (grep) in 'any' of the files the "LoadModule" line, period.

The only thing I could find that sounds related was this here:
/etc/apache2/mods-available/rewrite.load
so seems this module isn't even loaded as it's not in the /mods-enabled/ directory.

============
4.) Tried this too:

< VirtualHost *:80 >, add/uncomment such that the following lines read as required:
RewriteEngine on
RewriteRule ^/(protected.*) https://website.com/$1

So I:

pico /etc/apache2/sites-available/default
Was this:
<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/

Changed to:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
RewriteEngine on
RewriteRule ^/(.*) https://myurl.com/$1

DocumentRoot /var/www/

/etc/init.d/apache2 reload
Syntax error on line 3 of /etc/apache2/sites-enabled/000-default:
Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration failed!

Please if anyone could help solve this that would be great!
Thank you for your time
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

Posted: Thu 04 Jun '09 11:48

A short example for a folder.

Code:

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule (.*)       https://www.example.com/protected/$1      [R,L]



----- edit ---

It also seems that your rewrite module is not loaded.
You need to create a symlink from
/etc/apache2/mods-available/rewrite.load
to
/etc/apache2/mods-enabled/rewrite.load

Also you need to enable the rewrite with

Code:

a2enmod rewrite
mewbie



Joined: 23 May 2009
Posts: 25

Posted: Fri 05 Jun '09 6:35    Post subject: Yay! Thank you!

James Blond, thank you! It's purrrfect. And working even without the symlink, I skipped that part to test first. And no .htaccess!

One thing I do notice is the prompt window for name/password comes up before it redirects me. I enter info, URL changes to https and page loads.

So is the name/pass being sent via SSL?

btw, off subject, fun read, take a look here if you haven't already: astalavista.com got hacked.
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

Posted: Fri 05 Jun '09 15:20

I guess it is over SSL, but not for sure.
If you have different log files (vhost and ssl vhost) you can check for the 401 "error" and see in which of the log files it is.
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

Posted: Sat 06 Jun '09 2:15

Quote:
So is the name/pass being sent via SSL?

Good question,

Where is Authentication set up? At both ends http/https (as would be if set up in a .htaccess file e.g. "a shared config")? If so then one could safely assume that no, it is not being sent encrypted but being sent plain text and then redirected after passing auth test.

James has the way to check .. my guess is you will find it in the regular access log, not the ssl one. I will be happy if proven wrong.
mewbie



Joined: 23 May 2009
Posts: 25

Posted: Sun 07 Jun '09 10:37

Wish I could give a conclusive answer but I can't find a 'ssl log' file.
I have only found: /var/log/apache2/access.log & error.log

I don't think either have any reference to it.

Error log has some errors, but I believe it to be for AjaxTerm I'm setting up:
[Sun Jun 07 06:25:02 2009] [notice] mod_python: Creating 8 session mutexes based on 50 max processes and 0 max threads.
[Sun Jun 07 06:25:02 2009] [notice] mod_python: using mutex_directory /tmp
[Sun Jun 07 06:25:03 2009] [notice] Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Sun Jun 07 06:25:03 2009] [error] proxy: ap_get_scoreboard_lb(1) failed in child 24698 for worker proxy:reverse
[Sun Jun 07 06:25:03 2009] [error] proxy: ap_get_scoreboard_lb(0) failed in child 24698 for worker http://localhost:8022/


Quote:
Where is Authentication set up? At both ends http/https (as would be if set up in a .htaccess file e.g. "a shared config")?

I did only as you posted.. adding those lines to: pico /etc/apache2/sites-available/default

Are there further steps I should take to ensure name/passwords are passed via SSL? I set it up for entire site, not just a folder:

Was this:
<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/

Changed to:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
RewriteEngine on
RewriteRule ^/(.*) https://mysite.com/$1

DocumentRoot /var/www/


Thank you again

PS: glsmith I'm still waiting on your part 2 mod_security

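The log check suggested in the thread, for the case where only one access.log exists, as an added example that is not part of any post above: it flags Basic-auth activity that arrived on the plain HTTP port. It assumes a custom LogFormat that records the vhost and port (`%v:%p`) ahead of the usual fields; that format, the sample lines, the user names and the function name are constructed for illustration.

```python
import re

# Assumed LogFormat (not from the thread): "%v:%p %h %l %u %t \"%r\" %>s %b"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+):(?P<port>\d+) (?P<client>\S+) \S+ (?P<user>\S+) '
    r'\[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+$'
)

# Constructed sample lines (documentation IP ranges, hypothetical users).
SAMPLE_LOG = """\
mysite.com:80 203.0.113.5 - - [07/Jun/2009:10:30:01 +0000] "GET / HTTP/1.1" 401 401
mysite.com:80 203.0.113.5 - alice [07/Jun/2009:10:30:09 +0000] "GET / HTTP/1.1" 302 290
mysite.com:443 203.0.113.5 - alice [07/Jun/2009:10:30:10 +0000] "GET / HTTP/1.1" 200 1523
mysite.com:443 198.51.100.7 - - [07/Jun/2009:10:31:00 +0000] "GET / HTTP/1.1" 401 401
mysite.com:443 198.51.100.7 - bob [07/Jun/2009:10:31:05 +0000] "GET / HTTP/1.1" 200 1523
mysite.com:80 198.51.100.9 - - [07/Jun/2009:10:32:00 +0000] "GET /index.html HTTP/1.1" 302 290
"""


def find_cleartext_auth(lines, http_port=80):
    """Return (line_no, client, finding) for auth activity on the HTTP port."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if m is None or int(m["port"]) != http_port:
            continue  # unparsable line, or request arrived on another port
        if m["user"] != "-":
            # %u is filled in only after Apache has processed credentials,
            # so they crossed the wire on the unencrypted port.
            findings.append((line_no, m["client"], "credentials-received-over-http"))
        elif m["status"] == "401":
            # A challenge on port 80 makes the browser answer on port 80.
            findings.append((line_no, m["client"], "challenge-over-http"))
    return findings


if __name__ == "__main__":
    for line_no, client, finding in find_cleartext_auth(SAMPLE_LOG.splitlines()):
        print(f"line {line_no}: {client}: {finding}")
```

A log in which port 80 shows only 3xx responses with `-` in the user field yields an empty result, which is what a redirect-only HTTP vhost should produce.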
