SCIENTIFIC-LINUX-USERS Archives

November 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Apache redirect help
From:
John Summerfield <[log in to unmask]>
Reply To:
John Summerfield <[log in to unmask]>
Date:
Tue, 11 Nov 2008 23:09:03 +0900
Content-Type:
text/plain
Parts/Attachments:
text/plain (94 lines) 
Michael Mansour wrote:
> Hi,
> 
>>> I realise this may not be the best mailing list for this query, but if someone
>>> knows...
>>>
>>> The problem I have is, I have an Apache website running on:
>>>
>>> http(s)://site.example.local
>>>
>>> For my local subnet (which exists in .local), I have Apache setup to do:
>>>
>>> Redirect / https://site.example.local
>>>
>>> for http (port 80) connections, so when anyone types http://site.example.local
>>> on the .local subnet they're redirected to the SSL website.
>>>
>>> When accessing this site externally on port 80, I go to:
>>>
>>> http://site1.example.com
>>>
>>> and (via DNS and PAT rules on the firewall) get:
>>>
>>> https://site.example.local
>>>
>>> as the URL in the external Web browser, which obviously doesn't work. This
>>> makes sense though because of my "Redirect / https://site.example.local entry"
>>> in Apache.
>>>
>>> How can I configure Apache to keep:
>>>
>>> Redirect / https://site.example.local
>>>
>>> for the .local subnet, while:
>>>
>>> Redirect / https://site.example.com
>>>
>>> for external subnets?
>> First, can you confirm that https://site.example.local works locally
>> and https://site.example.com works externally (I suspect that you 
>> will need two certificates) ?
> 
> Yes this works fine. The site.example.local is actually a PHP Help desk app,
> so we use this internally every day (on https://site.example.local) and our
> customers check the progress of their cases externally via
> https://site.example.com
> 
> The problem is when customers forget to enter the https and enter http, we'd
> just like it automated for them when they make a mistake in the URL.
> 
>> If the content is the same, can you redirect everyone to 
>> https://site.example.com ?
> 
> Yes the content is all the same but since PHP app is running on a server on
> our local network (in our office) and listening on a Virtual IP on the
> internal network, then we cannot visit http(s)://site.example.com from our
> local network.
> 
> The way the external people get to it is by giving the site.example.com an A
> record which points to a dedicated WAN IP and a PAT rule on the firewall to
> forward port 80 and 443 traffic to the internal Virtual IP.
> 
> In summary, you cannot go to your external WAN IP from your internal local
> network.
> 
> So I need a way to tell Apache that if the visitor is coming from the WAN
> (internet) then Redirect to https://site.example.com, if they're coming from
> our local network then Redirect to https://site.example.local
> 
> I've search the web and so far haven't been able to find a way to do this.
> 
> Regards,

Apache on the external interface as a proxy for the internal might work. 
I've done that for http, but not https.

Squid might too. I've not done that though.



-- 

Cheers
John

-- spambait
[log in to unmask]  [log in to unmask]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

ATOM RSS1 RSS2