Hi,

I have a problem and want some hints if and how this can/may be solved.

1) there is an Apache (1.3.26) on Linux. SAP hinders me from using newer
versions ;-), the Apache is the base server for the SAP ITS

2) in httpd.conf, there are various virtual hosts:
NameVirtualHost *:80
NameVirtualHost *:8080
NameVirtualHost *:8081
and so on, with the corresponding
<VirtualHost *:8080>
..
</VirtualHost>
directives following.

3) This works fine :-)


But now we want to use https:// instead of http://.

Since many co-workers have set their bookmarks to the old URLs we want to
"switch" those ports to https://-ports via a rewrite rule (one per virtual
host):
RewriteEngine on
RewriteRule ^/(.*)$ https://%{SERVER_NAME}:8081/$1 [R,L]
(of course the ":8081" in this sample differs in the virtual hosts)

But this does not work, there are some "SSL handshake failed: HTTP spoken
on HTTPS port; trying to send HTML error page (OpenSSL library error
follows) [error] OpenSSL:  error:1407609C:lib(20):func(118):reason(
156)" 
in
the logs.

Certificates are installed and working. When accessing via https://
everything seems to work - at least there are no errors appearing ;-). But
the rewrite rule does not work properly (I think so because of the error
text you see above).

Do we have to use other ports for https:// as for http:// or is the rule
faulty?

Thanks ind advance
Werner

[ Post a follow-up to this message ]

*** Werner Flamme wrote/escribió (Mon, 21 Mar 2005 15:59:38 +0100):
> *sigh* those co-workers are mostly scientists. Did you ever try to convinc
e
> a scientist to change a bit of the configuration of his computer? "No time
,
> research is more important" is whta you get mosz of the time.

That's easy: rather than using a transparent HTTP redirection, use a
client-side redirection with a text like this:

"Page moved. You'll be redirected to new location in 600 seconds."

Any intelligent scientist will realize that research time will improve
updating bookmarks instead of waiting 


Now seriously, the redirect solution should work fine, just don't forget
the trailing slash:

RedirectPermanent / https://www.example.com/



--
-- Álvaro G. Vicario - Burgos, Spain
-- Don't e-mail me your questions, post them to the group
--

[ Post a follow-up to this message ]

On Mon, 21 Mar 2005, Werner Flamme wrote:
> ...
> Do we have to use other ports for https:// as for http:// or is the rule
> faulty?

Yes.  Other ports are needed.

[ Post a follow-up to this message ]

On Mon, 21 Mar 2005, Werner Flamme wrote:
> ...
> Do we have to use other ports for https:// as for http:// or is the rule
> faulty?

Yes.  Other ports are needed.

[ Post a follow-up to this message ]

Werner Flamme schrieb am 21.03.2005 15:04:
> Hi,
>
> I have a problem and want some hints if and how this can/may be solved.
>
> 1) there is an Apache (1.3.26) on Linux. SAP hinders me from using newer
> versions ;-), the Apache is the base server for the SAP ITS
>
> 2) in httpd.conf, there are various virtual hosts:
> NameVirtualHost *:80
> NameVirtualHost *:8080
> NameVirtualHost *:8081
> and so on, with the corresponding
> <VirtualHost *:8080>
>   ...
> </VirtualHost>
> directives following.
>
> 3) This works fine :-)
>
>
> But now we want to use https:// instead of http://.
>
> Since many co-workers have set their bookmarks to the old URLs we want to
> "switch" those ports to https://-ports via a rewrite rule (one per virtual
> host):
> RewriteEngine on
> RewriteRule ^/(.*)$ https://%{SERVER_NAME}:8081/$1 [R,L]
> (of course the ":8081" in this sample differs in the virtual hosts)
>

Well, we found the solution now. It is not so simple as one may guess ;-)

First of all, we called the complete URL
http://foobar:8081/scripts/wgate/webgui/!

Now we noticed that this was /not/ rewritten.

Then we called http://foobar:8081/ and rewriting worked well.

After quite a long search we found SAP ITS (wgate) as the guilty one: any
URL beginning with /scripts/wgate/ was captured by the SAP wgate /before/
Rewrite or Redirect could jump in.

So we had to disable the wgate on the http:// port first, then the
redirections worked. SAP provides note 688295 for wgate configuration. It
just took a long time until we recognized SAP wgate was the culprit ;-)

Many thanks for all the hints!

Werner

[ Post a follow-up to this message ]