logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Use http on one page, force ssl on all others
Author
pschmehl



Joined: 13 Oct 2017
Posts: 16
Location: United States, Richardson, TX

PostPosted: Sun 15 Oct '17 20:20    Post subject: Use http on one page, force ssl on all others Reply with quote

I have a need to make my rss feed http. I just switched the site to ssl, and that broke the feed. Apparently rss feeds don't do https yet.

I was using the following in my conf file:
Code:
<VirtualHost 10.0.0.109:80>
    ServerAdmin webmaster@vvfh.org
    ServerName blog.vvfh.org
    RedirectPermanent / https://blog.vvfh.org/
</VirtualHost>
<VirtualHost 10.0.0.109:443>
    ServerName blog.vvfh.org

Obviously, I can't do that and serve one page with http. So, what's the best solution for this?
Back to top
bagu



Joined: 06 Jan 2011
Posts: 193
Location: France

PostPosted: Sun 15 Oct '17 20:36    Post subject: Reply with quote

Maybe with mod_rewrite and an other rewritecond in

Code:
   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteCond something to exlude the page
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Back to top
pschmehl



Joined: 13 Oct 2017
Posts: 16
Location: United States, Richardson, TX

PostPosted: Sun 15 Oct '17 21:16    Post subject: Reply with quote

Wordpess has an option to force ssl for logins and admin pages.
Code:
define('FORCE_SSL_ADMIN', true);

So, now the site is working again (the rss feed works on http.) Id like to force ALL pages, except the feed, to ssl, but I have some concerns.
Here's my conf file now:
Code:
<VirtualHost 10.0.0.109:80>
    ServerAdmin webmaster@vvfh.org
    ServerName blog.vvfh.org
    DocumentRoot /home/schmehl/Sites/blog.vvfh.org
    <Directory "/home/schmehl/Sites/blog.vvfh.org">
        AllowOverride All
        Options FollowSymLinks
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost 10.0.0.109:443>
    ServerName blog.vvfh.org

I just need to figure out the rewrite rule to exclude the feed. I'm concerned, though, that any rewrite rule might stomp on the Wordpress setting, or vice versa.
Back to top
pschmehl



Joined: 13 Oct 2017
Posts: 16
Location: United States, Richardson, TX

PostPosted: Sun 15 Oct '17 21:40    Post subject: Reply with quote

Would it be possible to do something like this?
Code:
Rewrite Engine On
RewriteRule exclude the feed
RedirectPermanent (for everything else)
Back to top
pschmehl



Joined: 13 Oct 2017
Posts: 16
Location: United States, Richardson, TX

PostPosted: Tue 17 Oct '17 4:19    Post subject: Reply with quote

I find Apache's rewrite rules extremely frustrating.
I've tried several variations of this. Nothing works.
Code:
    RewriteEngine On
 RewriteCond %{HTTPS} =off
 RewriteCond %{REQUEST_URI} !^/feed$
 RewriteRule / https://blog.vvfh.org

No matter what I do, http://blog.vvfh.org/feed gets rewritten to https://blog.vvfh.org/feed. It's like the RewriteCond is being ignored.

I would prefer for the entire site to be SSL, but the RSS feed doesn't work with SSL, so it has to be http. I have tried:
Code:
RewriteCond ${REQUEST_URL} !feed
RewriteCond ${REQUEST_URL} !/feed
RewriteCond ${REQUEST_URL} !^/feed
RewriteCond ${REQUEST_URL} !^/feed$
RewriteCond ${REQUEST_URL} !feed$

None of these work.

I'm at a loss.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Tue 17 Oct '17 10:35    Post subject: Reply with quote

hmmm, HTTPS will never = "off", I saw a statement somewhere in the mod_rewrite doc or wiki that would lead one to believe you can test for it, you can't. It either exists and it's value is on or simply doesn't exist. Now this works for me on it's own and will kick me out of https if I go to /feed via https.

RewriteCond %{HTTPS} =on [NC]
RewriteCond %{REQUEST_URI} /feed
RewriteRule ^ http://%{SERVER_NAME}%{REQUEST_URI} [R,L]

I am stupidly assuming that somewhere in the htaccess file that /feed is being rewritten to something like index.php?somevar=someval. So it depends on what you have there already, where you need to check for /feed before it's rewritten and if it's going to be rewritten back to https further down.
Back to top
pschmehl



Joined: 13 Oct 2017
Posts: 16
Location: United States, Richardson, TX

PostPosted: Tue 17 Oct '17 19:29    Post subject: Reply with quote

I've been studying this for a while. i think you are right. /feed is built from something else. Last night I discovered that there's a template with a function in it that builds the feed, so it's probably not possible to redirect it.

I tried your configuration but got the same result. I don't think a rewrite rule is going to work. Instead, I'm going to have to find an extension that understands https feeds.

Thanks for your input.

BTW, on the Apache wiki, they have this for forcing http to https:

RewriteCond ${HTTPS} !=on [NC]
RewriteRuel ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

I prefer to use RedirectPermanent / https:/url
Back to top


Reply to topic   Topic: Use http on one page, force ssl on all others View previous topic :: View next topic
Post new topic   Forum Index -> Apache