Apache mod_rewrite
Years ago, the guru's at Apache built the Apache web server. It's the most widely used web server available, and runs on several different platforms (including our favorite, linux). NetCraft claims that it has more than 60% of the market, in their November rankings.Today, while doing a server upgrade, we decided to stop allowing non-secured access to a client's website. We wanted to ensure that all connections were secured, using an SSL connection. However, we could not disable access for those users who do not type in https:// in a connection string. We also would prefer that old bookmarks still worked on the site.
mod_rewrite is the answer. mod_rewrite is available with Apache 1.3 and Apache 2.X versions, and allows users to chain together regular expressions and rewrite the URL's for the end user. Our solution only required a simple rule to turn all http:// into https:// for any requests to this particular domain. The code looks like this:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com$1 [R,L]
The first line turns on the mod_rewrite engine.
The second line requires that access to the system be on port 80 (for this rule to work).
The third line actually does the magic, and takes the URL and turns it into the https:// version.
(A word to the wise: If you decide to use the above rules in a .htaccess file, then there should be a / between the .com and the $1).
And that's it. Restart Apache, and there are no more non-secure connections.
Some more examples can be found here.
1 Comments:
I read the article and like the idea. some mor great articles can be found here http://www.yourhtmlsource.com/sitemanagement/urlrewriting.html it is also very handy and interesting
Post a Comment
<< Home