I have a custom software that runs it's own webserver. I then found instructions on how to use apache2 as a proxy that will enable ssl for that site. (long story short, my custom software doesn't support ssl and it's not an option)
View 2 Replies
I keep hearing that redirecting from http to https is not very secure [non-SSL to SSL]. Among other reasons, one reason is that the browser may continue to think it is communicating with non secure server and may not encrypt the data. Is it true? I hope not, I am using the following -
<VirtualHost 12.34.567.89:80>
ServerName www.mysite1234.com:80
Redirect / https://www.mysite1234.com/
</VirtualHost>
I'm using a turnkey image for smallmachineforum system, installed on amazon aws instance.
In the default configuration I can't use the http version of the site, only the https.
It does not seem to be a network issue, a telnet on port 80 opens.
The server is apache version 2.2.22, on a Debian 3.2.57-3+deb7u2 x86_64
I am trying to find out if redirecting an https URL to an http URL will still provide the security of the original https? Should the page information for the redirected http page show it as being unencrypted or shouldn't it have the same encryption as the original https?
View 3 Replies View RelatedI recently got a SSL-certificate for my website. Now the old links to my website (using only http) doesnt work, the visitors just getting redirected to my index page. How can I change my .htaccess so both http and https works, but keep https as the preferred? Or even better, redirect old http links to https? I'm not using www.
My current .htaccess:
RewriteCond %{HTTPS} off
RewriteRule (.*) https ://%{HTTP_HOST}%{REQUEST_URI}
i want to redirect main domain http //, www request to https://
i added this code
RewriteCond %{HTTPS} off# First rewrite to HTTPS:# Don't put www. here. If it is already there it will be included, if not# the subsequent rule will catch it.RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]# Now, rewrite any request to the wrong domain to use www.RewriteCond %{HTTP_HOST} !^www.RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Apache2.4.6
apr-1.4.8
openssl-1.0.1c
arm-linux-gcc4.4.4
Recently I cross compiled Apache2.4.6 to run in my ARM cpu, and I found that http can work well if only it's own port such as 80 is listened, but if add one more port to be listened in conf file, http fails. That means http is good, but after https is on, http stop working and https is good. At the same time, I built the same apache2.4.6 in X86 gcc4.6.1, http and https can both work well. In addition, I also tried apache1.3.33 in the same ARM system, http and https can work well too. It seems like that in apache2.4.6, http can't work well if there is one more port listened in ARM system. Actually http port is listening and is established when using netstat to monitor it.
root@freescale /usr/local/apache/bin$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::www :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 (null):www (null):3705 ESTABLISHED
tcp 0 0 (null):443 (null):3720 ESTABLISHED
I am using an apache reverse proxy :
httpd -version
Server version: Apache/2.2.15 (Unix)
Server built: Oct 16 2014 14:48:21
In front of an internet liferay server, I m forcing https connexion and my reverse proxy is the SSL endpoint, and it is working fine.
But inside the liferay page there are "http" link to other webserver, and browser are refusing to load them because they are http and not https.
Is there a way in the reverse proxy to rewrite "on the fly" "http" link to "https" so that everything would be load on the browser ?
I was thinking mod_proxy_html but it doesn't seams to do what I want.
I want to rewrite my all site urls from http to https and also preserve URL canonicalation like all url redirected to http://www. How to achieve this goal?
View 1 Replies View RelatedI'm currently struggling with an issue on our Apache 2.2.24 home-rolled installation on an OEL 6.2 x64 linux server that front-ends for a Glassfish cluster via proxypass.The httpd.conf manages 4 virtual hosts with each virtual host entry rewriting to HTTPS.
Anyone trying to access the HTTP address redirects to HTTPS just fine.The issue is that anyone using the HTTPS address gets redirected to the Document Root defined in Apache instead of being proxypassed to Glassfish.
I had set up a dummy DocumentRoot with a simple index.html meta redirect and what happens is that anyone directly accessing HTTPS will hit the index.html file which redirects to the the https site. At this point it simply loops to infinity.
I´ve read that a whole https website might be better for SEO than just a mixed version. So I want to change the whole website to https.
We are using Plesk 12 on Win 2008 R2.
One Website is using DotNetNuke 7.3.2.
How can I automatically set the whole website to https?
What happens to the users that just type domainname.com without http or https.?
What is the right search engine friendly technique to permanently redirect to the https version even when the user is not using the application protocol prefix http/https?
Where can I do the setup in Plesk 12 fro Windows?
Are their any other drawbacks that I have to think over before I do the changes?
I've been asked to put an Apache Reverse Proxy in place as per guidance from SAP - [URL] - but have come across an issue where the CSS file is not rewritten by the reverse proxy. The below is the Virtual Hosts entry from the test httpd.conf that i'm running to get it working. I'll be moving this to vhosts entries when it eventually works (optimism slowly vanishing! ).
Listen 443
<VirtualHost *:443>
SSLEngine On
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
AllowEncodedSlashes On
SSLCertificateFile /Apache24/conf/FILE.crt
SSLCertificateKeyFile /Apache24/conf/KEYFILE.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
ServerName Gateway.External.co.uk
ProxyPass / http://SAPGateway.Internal:8010/ nocanon
ProxyPassReverse / http://SAPGateway.Internal:8010/
ErrorLog "C:/Apache24/logs/error.log"
TransferLog "C:/Apache24/logs/access.log"
</VirtualHost>
Each post I come across with a similar issue mentions the trailing '/' on the ProxyPass entries, unfortunately - for me - they're there!
RewriteRule ^massaggi-([^/]*)$ /an.php?prov=$1 [L]
View 1 Replies View RelatedCurrently I have a URL that has HTTP. This has been given to the public. There is no doubt that they have added this URL to their favorites.
In about 2 weeks, I will be applying an SSL certificate that would add an ‘S’ to the HTTP (e.g. https)
My questions is: After applying this SSL certificate, which adds an “S”, will the link saved in my users’ favorites still work? Or do I have to add some HTML code that will redirect them?
I have installed SSL for the domain abc.com, for security reason I'd like make [url]is default for all access, that mean if the visitor type [url]on the browser, it will auto forward to[url]
View 8 Replies View RelatedI am maintaining a site that is totally on a secure folder. I have been asked to make only the things like the cart to be secure and to make the rest of the site non-secure.
there is an https and an http folder on the server all of the site is now on the https folder. I thought all I needed to do is move the pages I wanted to be non-secure to the http folder and then use an absolute address when I needed to refer betweem them.
I called my hosting people (the people who originally developer the site and made it all secure before handing to it me) and asked them about what all I need to do. they said its very complicated because I am dealing with 2 different root directories and didn't offer me much info on how to do it myself instead they just said if I can't figure it out they will do it for a price.
We are getting the below message produced in error.log when accessing from mobile application. Even I have updated apache from 2.4.9 to 2.4.10 also. Still facing the same error like below.
[Thu Jul 31 15:27:10.934564 2014] [ssl:error] [pid 12000:tid 6520] AH02032: Hostname teampark3.sogeti.com. provided via SNI and hostname teampark3.sogeti.com provided via HTTP are different
How to resolve the issue?
if there is anyway to redirect my users to https no matter what page they are on using htaccess?
I really don't fancey using full url extentions and changing them on every link on my site. I can get the homepage to redirect to https but not any other.
If there is no way to do this does anyone know the shortest hyperlink to use the redirect?
I have to redirect all the links from http to https.
IS there some setting on IIS.
SSL is installed on server.
My Linux Server's Http Daemon (Apache) would stop serving websites ever so often, as soon as apache is restarted the error fixes iteself only to resurface within few hours.
The apache process would still be running i.e. apache does not die but no websites hosted on my server would be accessible from browser. And when this happens the apache logs do not log any http requests.
Instead when this happens all http requests to my server would be redirected to some weird Trojan website and my Norton Antivirus would show an Alert/Warning, for example;
"Browser exploit at www.xxx.xxx was blocked"
Risk Name: MSIE WebViewFolderIcon ActiveX Control BO
or another error like;
"Auto-Protect has detected Trojan.Fakeavalert".
At first i thought the problem could be with my Laptop/ISP so i logged on to the server via SSH and opened try to open a website using command line "lynx mywebsite.com" and it shows following error;
"Alert!: HTTP/1.0 503 Service Unavailable".
Now if i assume my laptop were to be infected, then as soon as i restart my apache and visit mywebsite.com eveything returns to normal with no such warnings. Why do i see those norton error messages only when apache is down with 503, and when apache is down with 503 how come the http requests always get redirected to some suspicious websites and nothing gets logged in apache error log?
I think my server is being attacked causing http to get unresponsive and thereafter http requests to my server are redirected to some malicious website, is this correct?
Also, i suspect this is a php script exploit as some customers have reported that google have blocked their website due to security reasons, i found <iframe> tage inserted in some php pages which i fixed.
Also, another thinh i noticed;
when apache responds with the 503 it is referencing PHP 5.1.4 in the header response:
[root@]# curl -I xxx.xxx.xxx.xxx (my server ip)
HTTP/1.0 503 Service Unavailable
Server: Apache
X-Powered-By: PHP/5.1.4
Retry-After: 20
I am running PHP 4.3.9m why does apache responds with PHP 5.1.4 when this 503 error surfaces?
Also, since my apache was dowan with 503 error a customer mailed in today saying;
"It seems that my site www.xxxx.com is regularly down, and the winlogon virus is involved."
I suspect this is again due to the fact that http requests start getting redirected?
I have set up an Apache web server that has ssl enabled. If I go to https://myserver.com I get the 'it works!' page and the certificate is valid and trusted. If I go to https://myserver.com/myapp that also works (it's an Oracle weblogic deployed java app that I'm fronting with Apache).
I would like to configure Apache so that when a user goes to simply https://myserver.com it automatically directs them to https://myserver.com/myapp rather than showing the 'It works!' page. I have read some documentation and experimented with setting a redirect via the https.conf file and even the ssl.conf file but nothing seems to work. I either get a 404 or simply the 'It works! page.
I have done this with .htaccess on apche but I am looking to do HTTP to HTTPS redirect for all requests on Zeus server using rewite.script
what I want basically is that all request to [url]goes to [url]
I have bought ssl certificate but if I open my site I think it is redirect to http because I dont see https. I use nginx like web server.
View 13 Replies View Relatedhow can I make a redirect traffic to the site that I have over HTTPS in HTTP? Disabling SSL 404 using Plesk 11 with nginx + php-pfm
View 2 Replies View Relatedhow to catch request over http and forward them to https, I have VPS/Plesk and I was wondering how to do that.
Also, what do you think about having a sub domain on each client domain to access plesk, likes this:
[url]--> [url]
