(IHS) Rewriting HTTP (port 80) requests to HTTPS (port 443)

http://www-01.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21114864

 

Technote (troubleshooting)

Problem(Abstract)

The rewrite module (mod_rewrite.c) provided with the IBM® HTTP Server can be used as an effective way to automatically rewrite all HTTP requests to HTTPS.

Resolving the problem

The rewrite module (mod_rewrite.c) can be used to automatically rewrite all HTTP (port 80) requests to HTTPS (port 443). This provides an effective way to ensure that all traffic to and from the IBM HTTP Server is encrypted over the Secure Sockets Layer (SSL) without having to use individual redirects or hard-coded HTTPS links.
Note: The web server should already be configured to handle HTTPS requests successfully
before attempting to implement the following suggestions. For assistance with setting up SSL in the IBM HTTP Server, visit SSL guide

First, make sure the LoadModule line for mod_rewrite is uncommented in the httpd.conf

LoadModule rewrite_module modules/mod_rewrite.so

Next, add the following to the global scope or any port 80 VirtualHost stanzas defined within the httpd.conf configuration file.

RewriteEngine on
RewriteCond %{SERVER_PORT} =80
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Finally, restart the IBM HTTP Server after making the preceding changes

Important: If using HTTP authentication, make sure it is only configured for your SSL virtual host. If it also applies to your port 80 requests, the authentication challenge can pre-empt the rewrite, resulting in user IDs and passwords being sent over an unencrypted session.

It is also recommended that you configure your port 80 virtual host with a different document root and so on, from your SSL virtual host. This is to be sure that even if your rewrite fails, sensitive information cannot be served from that virtual host over unencrypted sessions.

Related information

Module mod_rewrite..URL Rewriting Engine