Fran's blog

I want to redirect an HTTP connection to HTTPS on same server, to avoid wrong access through HTTP to some information that I dont want to be public, like awstats or services that I want to be secure like phpmyadmin.

The first thing that one thinks seems weird at first view, using mod_alias Redirect directive:

Redirect permanent / https://marzoa.com/

This will not work. If you try this, you’ll enter on a infinite loop with an error message from the server -flooding error- or the navigator -firefox detects the loop after a few-, or maybe you’ll get old waiting for an answer… The problem is pretty clear: You’re redirecting to the same server, so it executes again that redirection, so you’re redirecting to the same server, so it executes again that redirection, so you’re redirecting to the same server, so it executes again that redirection, so you’re redirecting to the same server, so it executes again that redirection, so you’re redirecting to the same server, so it executes again that redirection, so you’re redirecting to the same server, so it exec… ¿Is it clear enough? I hope so.

As mod_aliases doesn’t support things like:

Redirect permanent http://marzoa.com/ https://marzoa.com/

That could be a simple and clear solution for this issue, we need to find it in another module: mod_rewrite.

There’re two ways of doing this using mod_rewrite instead of mod_aliases, the first is that I use and I know that it works:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I’ve not tested yet next one, but it should work also in the majority of systems:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://marzoa.com/$1 [R,L]

The main problem with the last is that you may be running your apache in another port different from 80, so you’ll need to change the RewriteCond. The first one the port doesn’t do matter.