Difference between revisions of "Https redirection"
m (Further separation of alternative methods and more explicit title for plain http blocking) |
|||
Line 38: | Line 38: | ||
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts | cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts | ||
− | + | nano 60redir-ibayname1 | |
Paste or type the following code including the brackets, replacing ibayname with the name of your ibay | Paste or type the following code including the brackets, replacing ibayname with the name of your ibay | ||
Line 55: | Line 55: | ||
} | } | ||
− | Save the file & exit | + | Save the file & exit by Ctrl+x |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf | /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf |
Revision as of 17:14, 1 April 2013
https forced redirection using custom template
Solution using a custom template only
These instructions come from an earlier Howto that is still applicable to sme7.x http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/https%20ibay%20forced%20redirection%20HOWTO%20for%20sme%20server.htm
Problem:
You want to force https access to an ibay whenever you access it using http
Solution:
Create a custom template that forces the redirection from http to https
This is a similar method to that used to force webmail to https
Information:
This how to is based on forum & devinfo posts, thanks to the posters particularly Orien Love & Tony Clayton and thanks for all the help I have received over the years from Gordon Rowell & Charlie Brady.
and
http://lists.contribs.org/mailman/public/devinfo/msg07284.html
Configuration Procedure:
If it does not already exist then create the following directory
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
nano 60redir-ibayname1
Paste or type the following code including the brackets, replacing ibayname with the name of your ibay
{ if ($port ne "443") { $OUT .= <<'HERE'; ## Redirect Web Address to Secure Address RewriteEngine on RewriteRule ^/ibayname https://%{HTTP_HOST}/ibayname ## End Of Redirect HERE } }
Save the file & exit by Ctrl+x
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/init.d/httpd restart
If you wish to force https access to other ibays then make additional template fragments with a different filename that contain the same code except with the ibay name changed to suit
eg
61redir-ibayname2
Warning: If you receive errors when you expand the template that refer to not finding HERE before EOF, then make sure you have no spaces before or after the HERE entry in the code
You can download a copy of this fragment from here, remember to edit it to suit your ibayname:
Removal Procedure:
rm /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/60redir-ibayname1
and also remove any other additional ibay redirect fragments if required eg
rm /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/61redir-ibayname2
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/init.d/httpd restart
Modified code to use a db setting
From http://forums.contribs.org/index.php/topic,47451.msg234224.html#msg234224
This modifies the original code slightly & needs only one 60redir-ibay custom fragment
{ use esmith::AccountsDB; my $adb = esmith::AccountsDB->open_ro(); $OUT = "";
foreach my $ibay ($adb->ibays) { my %properties = $ibay->props; my $key = $ibay->key; if ($properties{'HTTPSredir'}) { if ($properties{'HTTPSredir'} eq 'on') { if ($port ne "443") { $OUT .= " ## Redirect Web Address to Secure Address\n"; $OUT .= " RewriteEngine on\n"; $OUT .= " RewriteRule ^/$key(/.*|\$) https://%{HTTP_HOST}/$key\$1 [L,R]\n"; $OUT .= " ## End Of Redirect\n"; } } } } }
Follow the procedure from the earlier part of this Howto & then issue this db command
db accounts setprop ibayname HTTPSredir on
Alternative methods
Block plain http using custom template and db commands
Here is an alternative method based on this forum thread http://forums.contribs.org/index.php/topic,31772.new.html#new
This method requires the use of https, and will deny access if http is used.
At a command prompt do the following:
cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays
Edit the custom template fragment:
pico -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays
It should contain the following code:
$OUT .= "\n"; $OUT .= "#------------------------------------------------------------\n"; $OUT .= "# $key ibay directories ($properties{'Name'})\n"; $OUT .= "#------------------------------------------------------------\n"; $OUT .= "\n"; $OUT .= "<Directory /home/e-smith/files/ibays/$key/html>\n"; ## custom code addition if($properties{'SSLRequireSSL'}) { if($properties{'SSLRequireSSL'} eq 'on') { $OUT.=" SSLRequireSSL\n"; } } ## / custom code addition
Save & exit:
Ctrl c Ctrl x
Then for each ibay you wish to enable secure https access for do:
db accounts setprop ibayname SSLRequireSSL on
(where ibayname is the name of the applicable ibay)
Follow the above with:
expand-template /etc/httpd/conf/httpd.conf sv t /service/httpd-e-smith