# HTTPS Redirect not working



## baronobeefdip (Feb 11, 2012)

I just exhausted all resources and nothing seems to be working. I built an Apache web server in FreeBSD 9, put the rewrite module in the /usr/local/etc/apache22/extra/httpd-default.conf. I even created the .htaccess file and placed it in /usr/local/www/apache22/data, which is the same location where the index.html file is stored. Whenever *I* put in the IP address of the web server in a web browser on another computer, I get the web page but with http://, Not https://. How do *I* fix this. Here's what I have been putting in the files

/usr/local/etc/apache22/extra/httpd-default.conf
and
/usr/local/www/apache22/data/.htaccess

```
RewriteEngine on 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
```


```
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule  ^(.*)$  https://%{HTTP_HOST}%{REQUEST_URI}
```

I put them inside the files exactly as they seem and none of them are working, I still get directed to the http:// page instead of the https:// page.


----------



## Anonymous (Feb 11, 2012)

baronobeefdip said:
			
		

> I just exhausted all resources and nothing seems to be working. I built an Apache web server in FreeBSD 9, put the rewrite module in the /usr/local/etc/apache22/extra/httpd-default.conf.



On a new installation, /usr/local/etc/apache22/extra/httpd-default.conf is disabled, i.e. the respective Include directive quite at the end of /usr/local/etc/apache22/httpd.conf got a hash sign in front of it - you did remove the hash (#), didn't you? 



			
				baronobeefdip said:
			
		

> I even created the .htaccess file and placed it in /usr/local/www/apache22/data, which is the same location where the index.html file is stored.



Did you specify "AllowOverride All" for that directory? On a fresh installation, AllowOverride is set to None for the base directory, and .htaccess files won't have any effect. You can check, whether the .htaccess file is active, by putting garbage at the first line of it - later you would remove this of course. Then reload the web page in your browser, and Apache should throw an Internal Error on this. If it doesn't, i.e. serves the request without any error, then the .htaccess file is not in action.


```
this_is_garbage_and_apache_should_throw_an_error_on_this.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule  ^(.*)$  https://%{HTTP_HOST}%{REQUEST_URI}
```

I checked your .htaccess on a test directory of my server, and it worked as exepected.

Best regards

Rolf


----------



## baronobeefdip (Feb 11, 2012)

Just enabled the configuration files that you have stated to uncomment and it worked. I opened the /usr/local/etc/apache22/httpd.conf file and took the # symbol out of this line.

```
#include /usr/local/etc/apache22/extra/httpd-default.conf
```

I also entered this text into the file /usr/local/etc/apache22/sites-available/httpd-default.conf file.

```
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule  ^(.*)$  https://%{HTTP_HOST}%{REQUEST_URI}
```
Opened a browser on another computer, And lo and behold the browser was automatically directed to the https page instead of the http one. One more thing, How do I prevent my browsers from accessing the http:// page by just typing in the address http:// address to avoid the https:// one?


----------



## Anonymous (Feb 12, 2012)

baronobeefdip said:
			
		

> Just enabled the configuration files that you have stated to uncomment and it worked.  ...
> ... One more thing, How do I prevent my browsers from accessing the http:// page by just typing in the address http:// address to avoid the https:// one?



I do not understand your question. The whole exercise done so far has been for automatically redirecting browsers coming in via http:// to the https:// equivalent of the given page. This effectively prevents browsers from accessing your page via http. So, what else do you need to prevent?


----------



## baronobeefdip (Feb 16, 2012)

Actually that would be all. Further experimenting showed that it is virtually impossible for somebody to go into http


----------



## varda (Feb 22, 2012)

In fact it works. I'm not sure how this behavior conforms to specifications but it works. Below is part of working config for Apache 2.2.22


```
UseCanonicalName Off
UseCanonicalPhysicalPort On

NameVirtualHost *:80

<IfDefine SSL>
	Listen 443
	NameVirtualHost *:443
</IfDefine>

<IfModule ssl_module>
	SSLEngine Off
</IfModule>

<IfModule macro_module>

<Macro EnableSSL>

	<IfModule ssl_module>
	
		SSLEngine on
		SSLVerifyDepth 10
		SSLVerifyClient none
		SSLOptions +StdEnvVars
		#SSLSessionCache

		SSLCertificateFile /etc/opt/apache/httpd.pem
		SSLCertificateKeyFile /etc/opt/apache/httpd.pem

		SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
		SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

		CustomLog "/var/opt/apache/log/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	</IfModule>
</Macro>

<VirtualHost *:80 *:443 >

	Use EnableSSL

	ServerName www
	ServerAlias www.local
	ServerAlias server server.local

	DocumentRoot /pub/www/htm
	ScriptAlias /cgi-bin/ /pub/www/cgi/

	UserDir /home/*/pub-html

	<Directory /*>

		IndexIgnore .*
		Options FollowSymLinks

		AllowOverride All
		Order deny,allow
		Allow from all
	</Directory>

	RewriteEngine on
	RewriteCond %{HTTPS} off
	RewriteRule  ^(.*)$  https://%{HTTP_HOST}%{REQUEST_URI}

	Alias /mail /pub/mail
	Alias /pub /pub/ftp
	Alias /bw /var/opt/bandwidthd/htdocs
	Alias /vnstat /opt/vnstat/share/doc/vnstat/examples
	Alias /hotspot/ "/opt/easyhotspot/"

</VirtualHost>
```

I'm using mod_macro since I have several dozen virtual hosts with or without SSL. You can use this fragment as include file for testing purpose.

When I go to http://server/mail/, the browser asks to accept self-signed certificate and continues to https://server/mail/

Trailing slash is important for directory specification. Also objects should exist phisically or aliases be set up correctly. 

If you remove forceful SSL redirection you will have both http and https working. Port specifications (*:80 *:443) are important.

Also directives 
	
	



```
UseCanonicalName Off
```


```
UseCanonicalPhysicalPort On
```
 are impotrant. Please read about it in the Apache documentation.


----------

