SSL/TLS - Free, secure and friendly, or is it?
Ever wanted to force SSL for a particular directory like webmail or your PHP/Java based IRC chat applet?
Have no fear young Jedi, Strykar will show you how to do this in under a minute.
***Applause fades slowly***
I'm assuming you're running UNIX and Apache with some form of OpenSSL.
We will use Apache 1.3.37's mod_rewrite (URL Rewriting) engine, or as lowly Postfix users like to call it, voodoo. If you're running Apache 2, look at the SSLrequireSSL directive instead.
You're thinking .htaccess?
Yeah, well since this is voodoo, and we're not Haitian by birth, .htaccess doesn't always do the job, so we will edit httpd.conf and tell Apache what and where to rewrite/redirect.
We assume the directory you're protecting or preventing the DEA from sniffing your http transaction is called meth_deals and is located in /var/www/htdocs/meth_deals where /var/www/htdocs is your DocumentRoot
Do a locate httpd.conf or find / -name httpd.conf to find your Apache configuration. Add this to the end:
#Force https for the meth_deals directory RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/meth_deals(.*) https://%{SERVER_NAME}/meth_deals$1 [R,L]Insist on using .htaccess for whatever reason? Don't know your DocumentRoot?
Look in httpd.conf or do: find / -name httpd.conf -print | xargs grep 'DocumentRoot "' | awk -F'"' '{print $2}'
(Thanks to fwaggle for improving the find regexp above.)
Ensure .htaccess is enabled in your Apache configuration.
Go to your DocumentRoot directory and create a file called .htaccess and add the following to it:
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^meth_deals(.*) https://%{SERVER_NAME}/meth_deals$1 [R,L]Notice the lack of a leading slash before the directory name ^meth_deals? No?
A common mistake is to have a leading slash which is meant when this info is put in Apache's configuration file and not .htaccess
RewriteRule ^/meth_deals(.*) https://%{SERVER_NAME}/meth_deals$1 [R,L]Test the url by going to http://yourservername.com/meth_deals
You should be redirected to https://yourservername.com/meth_deals
If not, check /var/log/apache/error_log or where ever your Apache error logs are located.