http to https to http using mod_rewrite and IBM http server

Question

Ok I have an apache IBM HTTP Server WAS 6.1 setup

I have my certs correctly installed and can successfully load http and https pages.

After a successful j_security_check authentication via https, I want the now authorized page (and all subsequent pages) to load as http.

I want this all to work with mod_rewrite because I don't want to change application code for something that really should be simple to do on the webserver.

I would think this would work but it doesn't and I fear it's because j_security_check is bypassing mod_rewrite somehow.

RewriteCond %{HTTPS} =off
RewriteCond %{THE_REQUEST} login\.jsp.*action=init [OR]
RewriteCond %{THE_REQUEST} login\.jsp.*action=submit
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]     <<-- this rule is working

RewriteCond %{HTTPS} =on
RewriteCond %{THE_REQUEST} !login\.jsp.*action=init [OR]
RewriteCond %{THE_REQUEST} !login\.jsp.*action=submit
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R,L] <--- this rule is not working or the condition is not returning true

I know the [R,L] will force the executed rule to be the last rule to run on a request and redirect accordingly.

I found this little jewel after a little googleing.

mod_rewrite: My rules are ignored. Nothing is written to the rewrite log.
The most common cause of this is placing mod_rewrite directives at global scope (outside of any VirtualHost containers) but expecting the directives to apply to requests which were matched by a VirtualHost container.

In this example, the mod_rewrite configuration will be ignored for requests which are received on port 443:

    RewriteEngine On
    RewriteRule ^index.htm$ index.html

    <VirtualHost *:443>
    existing vhost directives
    </VirtualHost>

Unlike most configurable features, the mod_rewrite configuration is not inherited by default within a <VirtualHost > container. To have global mod_rewrite directives apply to a VirtualHost, add these two extra directives to the VirtualHost container:

    <VirtualHost *:443>
    existing vhost directives
    RewriteEngine On
    RewriteOptions Inherit
    </VirtualHost>

Adding the Inherit declaration to my single virtualhost declaration that points to the machine ip and port 443 did NOT help one bit.

Now I know that my app server communicates on 9080 and 9443 respectively but I can't find a single virtualhost in the web server httpd.conf.

I did some testing with different rewrite rules while not authenticated and saw that my mod rewrite code worked..

So: how do I make websphere use mod rewrite after authentication?

It's like the web server is only used for unauthenticated requests and after that some blackbox container serves up everything somehow.

Answer 1

This is the solution for http to https to http

You have to put the condition and the rewrite rule in the virtual host like the arcticle said but for some reason inheritance didn't want to work.

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /path/login\.jsp\ HTTP/1\.1
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

   <VirtualHost 000.000.000.000:443>
    ServerName servername
    ServerAlias url.com machinename
    DocumentRoot d:/ibmhttpserver61/htdocs/en_US
    ErrorLog d:/ibmhttpserver61/logs/secerr.log
    TransferLog d:/ibmhttpserver61/logs/sectrans.log
    SSLEnable
    Keyfile d:/ibmhttpserver61/ssl/ctxroot.kdb
    SSLV2Timeout 100
    SSLV3Timeout 1000 

    RewriteEngine On
    RewriteCond %{REQUEST_URI} /path/secure/index.jsf
    RewriteRule ^(.*)$ http://url/path/secure/index.jsf [R,L]    

    </VirtualHost>

Answer 2

Wild guess: should the second logical OR be an AND (i.e. no [OR] and the RewriteCond defaults to AND)?

RewriteCond %{THE_REQUEST} !login\.jsp.*action=init
RewriteCond %{THE_REQUEST} !login\.jsp.*action=submit