[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-users
Subject: RE: [users@httpd] http-https [EXT]
From: James Smith <js5 () sanger ! ac ! uk>
Date: 2020-08-12 9:55:36
Message-ID: ddbdb542e33c4f6db43ff787f80a260f () sanger ! ac ! uk
[Download RAW message or body]
Add also remember to add the HSTS headers
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; \
preload"
{only put includeSubDomains & preload if you can} this stops the client sending \
further HTTP requests but only HTTPS {most web servers}
This can stop the plain text password issue...
From: Jim Albert <jim@netrition.com>
Sent: 11 August 2020 15:07
To: users@httpd.apache.org
Subject: Re: [users@httpd] http-https [EXT]
On 8/11/2020 3:00 AM, MEjaz wrote:
Hello,.
I have requirement to redirect the url. Whoever typed my site \
http://newtraffic.cyberia.net.sa \
[newtraffic.cyberia.net.sa]<https://urldefense.proofpoint.com/v2/url?u=http-3A__newtra \
ffic.cyberia.net.sa&d=DwMD-g&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1 \
ecj4oDX0XM7vQ&m=u_JqEjDWgo-OocL30p2adrqMP2ANeNzVGM00nEb2SGw&s=pwH-t5l78trs4NhuTkbW_6At5rheFwUfObRpuI3RYjI&e=> \
, it should redirect to https://newtraffic.cyberia.net.sa \
[newtraffic.cyberia.net.sa]<https://urldefense.proofpoint.com/v2/url?u=https-3A__newtr \
affic.cyberia.net.sa&d=DwMD-g&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge \
1ecj4oDX0XM7vQ&m=u_JqEjDWgo-OocL30p2adrqMP2ANeNzVGM00nEb2SGw&s=KphJ7NJgAkY4K77U__kmooopvQ8L0ZTP6kNRWE06UXM&e=>
I am bit struggling to achieve this. please assit
Ejaz
As long as the request is staying on the same server, mod_rewrite is a good use for \
this and I believe avoids another request as in a redirect. The following 3 lines \
would go in your httpd.conf file.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) MailScanner has detected a possible fraud attempt from "%" claiming \
to be https://% [%]<https://urldefense.proofpoint.com/v2/url?u=https-3A__-25&d=DwMD-g& \
c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=u_JqEjDWgo-Oo \
cL30p2adrqMP2ANeNzVGM00nEb2SGw&s=JHn6HqEcexneHcW_Odljb9BQOM1USP7CjXGEHkEtitc&e=>{SERVER_NAME}$1 \
[L,R=302]
https://httpd.apache.org/docs/current/mod/mod_rewrite.html \
[httpd.apache.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__httpd.apache.o \
rg_docs_current_mod_mod-5Frewrite.html&d=DwMD-g&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0 \
SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=u_JqEjDWgo-OocL30p2adrqMP2ANeNzVGM00nEb2SGw&s=9KhRrRpZ6Rb0u_hYOPYk05kX7QhDnWdXStTv2j3hDiA&e=>
This assumes you want all http traffic handled via https and not just the root of \
your site.
Change the 302 (temporary) to 301 (permanent) once you know things are working as you \
like.
Jim
--
The Wellcome Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
[Attachment #3 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Add also remember to \
add the HSTS headers<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="mso-fareast-language:EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span style="mso-fareast-language:EN-US">Header always set \
Strict-Transport-Security "max-age=63072000; includeSubDomains; \
preload"<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="mso-fareast-language:EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span style="mso-fareast-language:EN-US">{only put \
includeSubDomains & preload if you can} this stops the client sending further \
HTTP requests but only HTTPS {most web servers}<o:p></o:p></span></p> <p \
class="MsoNormal"><span style="mso-fareast-language:EN-US"><br> This can stop the \
plain text password issue…<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="mso-fareast-language:EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span \
style="mso-fareast-language:EN-US"><o:p> </o:p></span></p> <div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Jim \
Albert <jim@netrition.com> <br>
<b>Sent:</b> 11 August 2020 15:07<br>
<b>To:</b> users@httpd.apache.org<br>
<b>Subject:</b> Re: [users@httpd] http-https [EXT]<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 8/11/2020 3:00 AM, MEjaz wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hello,. <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I have requirement to redirect the url. Whoever typed my site
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__newtraffic.cyberia.net.sa \
&d=DwMD-g&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX \
0XM7vQ&m=u_JqEjDWgo-OocL30p2adrqMP2ANeNzVGM00nEb2SGw&s=pwH-t5l78trs4NhuTkbW_6At5rheFwUfObRpuI3RYjI&e=">
http://newtraffic.cyberia.net.sa [newtraffic.cyberia.net.sa]</a> , it should \
redirect to <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__newtraffic.c \
yberia.net.sa&d=DwMD-g&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2 \
yp0ge1ecj4oDX0XM7vQ&m=u_JqEjDWgo-OocL30p2adrqMP2ANeNzVGM00nEb2SGw&s=KphJ7NJgAkY4K77U__kmooopvQ8L0ZTP6kNRWE06UXM&e=">
https://newtraffic.cyberia.net.sa [newtraffic.cyberia.net.sa]</a> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I am bit struggling to achieve this. please assit<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Ejaz <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
As long as the request is staying on the same server, mod_rewrite is a good use for \
this and I believe avoids another request as in a redirect.<br> The following 3 lines \
would go in your httpd.conf file.<br> <br>
RewriteEngine On<br>
RewriteCond %{HTTPS} off<br>
RewriteRule (.*) <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__-25& \
;d=DwMD-g&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7 \
vQ&m=u_JqEjDWgo-OocL30p2adrqMP2ANeNzVGM00nEb2SGw&s=JHn6HqEcexneHcW_Odljb9BQOM1USP7CjXGEHkEtitc&e=">
<b><span style="color:red">MailScanner has detected a possible fraud attempt from \
"%" claiming to be</span></b> https://% [%]</a>{SERVER_NAME}$1 \
[L,R=302]<br> <br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__httpd.apache.org_docs_cu \
rrent_mod_mod-5Frewrite.html&d=DwMD-g&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0Sq \
QnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=u_JqEjDWgo-OocL30p2adrqMP2ANeNzVGM00nEb2SGw&a \
mp;s=9KhRrRpZ6Rb0u_hYOPYk05kX7QhDnWdXStTv2j3hDiA&e=">https://httpd.apache.org/docs/current/mod/mod_rewrite.html
[httpd.apache.org]</a><br>
<br>
This assumes you want all http traffic handled via https and not just the root of \
your site.<br> <br>
Change the 302 (temporary) to 301 (permanent) once you know things are working as you \
like.<br> <br>
Jim<br>
<br>
<br>
<o:p></o:p></p>
<pre><o:p> </o:p></pre>
</div>
<br>
--
The Wellcome Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
<br></body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic