Monday, August 28, 2006

Switching from HTTP to HTTPS to HTTP with Apache 2.2

Here's how to do it using only Apache configuration files. The application is a J2EE Struts application running on JBoss 4.0.4GA.

In httpd.conf, make sure mod_rewrite is activated like this:

LoadModule rewrite_module modules/mod_rewrite.so

Then add the following to httpd.conf:

RewriteEngine on
# If the request arrived over HTTP, redirect only the login pages (matched by regex) to HTTPS.
RewriteCond %{HTTPS} =off
RewriteCond %{THE_REQUEST} login\.do.*action=init [OR]
RewriteCond %{THE_REQUEST} login\.do.*action=submit
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

# If the request arrived over HTTPS, redirect all other pages back to HTTP (inverse regex).
# However, do not redirect static content such as images, CSS and JavaScript, or else the
# returned page will not be 100% HTTPS. All static content lives under /staticcontent/.
RewriteCond %{HTTPS} =on
RewriteCond %{THE_REQUEST} !login\.do.*action=init
RewriteCond %{THE_REQUEST} !login\.do.*action=submit
RewriteCond %{REQUEST_URI} !/staticcontent/
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Make sure that the J2EE application sends client-side redirects, and not just server-side forwards, for the login pages. Otherwise this will not work: a server-side forward happens inside the application without a new request from the browser, so Apache never gets the chance to rewrite the URL.

That's it!!
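To check which requests the two rule sets above actually redirect, here is a small Python model of the conditions (an added example, not part of the original post). The host name www.example.com, the /app/ paths and the sample request lines are constructed assumptions.

```python
import re

# Patterns copied from the RewriteCond lines above.
LOGIN = [re.compile(r"login\.do.*action=init"),
         re.compile(r"login\.do.*action=submit")]
STATIC = re.compile(r"/staticcontent/")

def decide(https, request_line, server_name="www.example.com"):
    """Return the redirect URL the two rule sets would issue, or None."""
    # THE_REQUEST is the whole request line: method, target, protocol.
    # A POST body is not part of it.
    target = request_line.split(" ")[1]
    # REQUEST_URI is the path only; mod_rewrite re-appends the original
    # query string because the substitution contains no "?".
    path, _, query = target.partition("?")
    suffix = path + ("?" + query if query else "")
    # [OR] joins the two login conditions: HTTPS=off AND (init OR submit).
    is_login = any(p.search(request_line) for p in LOGIN)
    if not https and is_login:
        return "https://" + server_name + suffix
    if https and not is_login and not STATIC.search(path):
        return "http://" + server_name + suffix
    return None

# Constructed sample requests: (arrived over HTTPS?, request line).
SAMPLES = [
    (False, "GET /app/login.do?action=init HTTP/1.1"),
    (False, "POST /app/login.do?action=submit HTTP/1.1"),
    (False, "POST /app/login.do HTTP/1.1"),   # action=submit only in body
    (False, "GET /app/home.do HTTP/1.1"),     # app forwards to login internally
    (True, "GET /app/login.do?action=init HTTP/1.1"),
    (True, "GET /staticcontent/css/site.css HTTP/1.1"),
    (True, "GET /app/home.do?tab=2 HTTP/1.1"),
]

if __name__ == "__main__":
    for https, line in SAMPLES:
        scheme = "https" if https else "http"
        print(f"{scheme:5} {line:45} -> {decide(https, line) or 'served as-is'}")
```

The third and fourth samples are the cases to watch: a login form posted without `action=` in the URL, or a login page reached by a server-side forward, is served over plain HTTP. The model also shows the scope of protection: only the login requests use HTTPS, so the session cookie set after login travels over plain HTTP on every later request.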