uniform mod_rewrite HTTP access to HTTPS

Asked 2 years ago, Updated 2 years ago, 86 views

I am editing .htaccess, but it doesn't work the way I want, so I would like to ask for your help.

What do you want to do:

  • Unify HTTP access to HTTPS

Conditions:

  • Redirect loop.

environment:

  • SSL configured on AWS load balancer
  • Apache 2.4
  • Lavel 5.1 LTS
    .htaccess is editing what matches Ravel 5.1.

others:

  • .htaccess and logs.

.htaccess

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options - MultiViews
    </IfModule>

    RewriteEngine On

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCon%{REQUEST_FILENAME}!-d
    RewriteRule^(.*)/$/$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond%{HTTPS} on # For HTTPS Access
    RewriteCon%{REQUEST_FILENAME}!-d
    RewriteCond%{REQUEST_FILENAME}!-f# file does not exist
    RewriteRule.index.php[L]# RewriteIndex.php to exit

    RewriteCond%{HTTPS} off# For HTTP access
    RewriteCon%{REQUEST_FILENAME}!-d
    US>RewriteCon%{REQUEST_FILENAME}!-f
    Redirect to RewriteRule.https://%{HTTP_HOST}%{REQUEST_URI}[L,R]# https://Hostname/URI and exit

</IfModule>

Logs (Main parts extracted)

add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'^(.*)/$'touri' path/to'
add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'.'touri'path/to'
RewriteCond: input = 'off' pattern = 'on' = > not-matched
add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'.'touri'path/to'
RewriteCond: input = 'off' pattern = 'off' = > matched
RewriteCond: input='/var/www/html/path'pattern='!-d'=>matched
RewriteCond: input='/var/www/html/path'pattern='!-f'=>matched
rewrite 'path/to' - > 'https://myhostname/path/to'
explicitly forcing redirect with https://myhostname/path/to
escaping https://myhostname/path/to for redirect
redirect to https://myhostname/path/to [REDIRECT/302] --> Looping to this point
add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'^(.*)/$'touri' path/to'
add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'.'touri'path/to'
RewriteCond: input = 'off' pattern = 'on' = > not-matched
add path info postfix: /var/www/html/path->/var/www/html/path/to
strip per-dir prefix: /var/www/html/path/to->path/to
applying pattern'.'touri'path/to'
RewriteCond: I should have redirected it with input='off' pattern='off'=>matched -->https...
RewriteCond: input='/var/www/html/path'pattern='!-d'=>matched
RewriteCond: input='/var/www/html/path'pattern='!-f'=>matched
rewrite 'path/to' - > 'https://myhostname/path/to'
explicitly forcing redirect with https://myhostname/path/to
escaping https://myhostname/path/to for redirect
redirect to https://myhostname/path/to [REDIRECT/302]
・
・
of the same thing, to continue endlessly

Also, I don't understand .htaccess well, and I feel that the description is redundant, so please let me know if there is a smarter way to describe it.
Thank you for your cooperation.

aws apache

2022-09-30 21:15

2 Answers

I didn't actually try it, so I just looked it up online...

SSL Configured on AWS Load Balancer

I think this is the cause.Whether the client connects to ELB via HTTPS, the instance behind it will receive requests via HTTP.Naturally, %{HTTPS} is always off, so redirects occur indefinitely.To determine if the client-to-ELB connection is HTTPS, you must use the HTTP header X-Forwarded-Port or X-Forwarded-Proto to which the ELB attaches.

X-Forwarded Header for Elastic Load Balancing - Elastic Load Balancing

ELB itself also periodically sends requests for health checks.This request does not have the header X-Forwarded-** but must return 200.

Other things I'm curious about are

  • Redirecting to HTTPS should be done not only for URLs through Ravel but also for real files, so it is better not to have !-d!-f.Also, the pattern . does not match http://hoge.com/, so you must use .* or ^.
  • Redirecting to HTTPS is permanent, so 301 redirect is appropriate.
  • By processing and terminating the redirect to HTTPS first, you can skip a decision like RewriteCond%{HTTP}off.

To sum up, how about the following?

Redirect if connected via http to #ELB
# (HealthCheck should be false as it does not have the header)
RewriteCond%{HTTP:X-Forwarded-Port} = http
RewriteRule^https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# remove the last / except for the actual folder
RewriteCon%{REQUEST_FILENAME}!-d
RewriteRule^(.*)/$/$1 [L,R=301]

# Larvel handles all non-existent paths
RewriteCon%{REQUEST_FILENAME}!-d
US>RewriteCon%{REQUEST_FILENAME}!-f
RewriteRule.index.php [L]

Note How to configure HTTPS (SSL) communication using AWS Elastic Load Balancer and Apache - komiyak's path

2022-09-30 21:15

In the public folder, add the following code to the .htaccess file:

RewriteEngine On

# Redirect to https
RewriteCond%{HTTP:X-Forwarded-Proto}!https
RewriteRule^(.*)$https://%{HTTP_HOST}/$1 [R=301,L]

Try editing the web server settings for another method.For example, a file with the Nginx configuration.

server{
 listen80;
 server_name domain.net www.domain.net;
 rewrite^(.*)https://domain.net $1 permanent;
}

You can also change Apache settings.

2022-09-30 21:15

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

709 When building Fast API+Uvicorn environment with PyInstaller, console=False results in an error

542 Unable to install versioned in Google Colab

980 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

549 PHP ssh2_scp_send fails to send files as intended

547 Who developed the "avformat-59.dll" that comes with FFmpeg?

© 2024 OneMinuteCode. All rights reserved.