0

I have a system where I'm hosting a number of SSL sites on my server. I also need to setup OAuth for each domain, with Google and Yahoo in particular. They each require verification files be installed on the server, in order to validate ownership. There are so many of these files now that they're clogging my root directory. So I want to set up a rewrite rule to sends a request to a particular URL to a verification file directory, like so:

RewriteRule (^/googlew*.html$) /verifications$1

This sends a Google verification file request such as http://server/google27c81d94580e55dd.html to http://server/verifications/google27c81d94580e55dd.html, and without rewriting the URL it works fine.

But when the request goes to an SSL URL, it fails. Here's my configuration:

<VirtualHost *:80>
            ServerName <domain>
            DocumentRoot /www/public
            RewriteEngine On
            RewriteRule (^/googlew*.html$) /verifications$1 [R]
            RewriteRule (^.*--.html$) /verifications$1 [R]
</VirtualHost>

<VirtualHost <ipaddress>:443>
            SSLEngine On
            ServerName <domain>
            DocumentRoot /www/public
            RackEnv production
            RewriteEngine On
            RewriteRule (^/googlew*.html$) /verifications$1 [R]
            RewriteRule (^.*--.html$) /verifications$1
            SSLProtocol all
            SSLCipherSuite HIGH:MEDIUM
            SSLCertificateChainFile /usr/share/ssl/crt/intermediate.crt
            SSLCertificateFile /usr/share/ssl/crt/<domain>/<domain>.crt
            SSLCertificateKeyFile /usr/share/ssl/crt/<domain>/<domain>.key
</VirtualHost>

So when the request is non-secure HTTP, it works fine. When it's secure HTTPS, it fails. Any suggestions as to why?

UPDATE As requested, here's the output of the Rewrite Log at level 3:

init rewrite engine with requested uri /google27c81d94580e55dd.html
applying pattern '(^/googlew*.html$)' to uri '/google27c81d94580e55dd.html'
applying pattern '(^.*--.html$)' to uri '/google27c81d94580e55dd.html'
pass through /google27c81d94580e55dd.html

Now here's the funny thing: prior to making my original post, as I said the non-secure version was working fine. After I posted, the non-secure version stopped working as well! The log entry I've just pasted in is what I get when running the non-secure version. Face. Exploding.

Aaron Vegh
  • 117
  • 5
  • What fails exactly - do you mean the request isn't redirected correctly, or do you mean that the Google verification fails? Also, if the only concern is that the files aren't clogging up your root directory, I wouldn't use the `[R]` flag at all - you might as well let the redirection happen entirely internally in your Apache, without clients knowing the file isn't in the root dir. – meulop Mar 16 '12 at 16:55
  • The request isn't redirected correctly. In mod_rewrite parlance, it "passes through", according to the log. Seems a clear case of not matching. I also removed the [R] flag later, but it snuck into my code above. – Aaron Vegh Mar 16 '12 at 16:57
  • Odd. Can you post an excerpt of the rewrite_log at some useful `RewriteLogLevel`? – meulop Mar 16 '12 at 18:39
  • Added, as per request... – Aaron Vegh Mar 16 '12 at 19:31
  • Hmm, that one looks like it's failing because it doesn't match the 'w's in `^/googlew*...` – meulop Mar 16 '12 at 22:28

1 Answers1

1

A few things:

  • Parens shouldn't be around your ^ and $.
  • You probably meant \w*, instead of w*; that will match those characters.
  • Make sure you escape special characters

So, try this:

RewriteRule ^(/google\w*\.html)$ /verifications$1 [R]

I'm not following the intent of your second rule; can you clarify?

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
  • It "just works". Thank you so much. The mystifying thing about this problem was that I tried *many* variations, and found some that worked. And then didn't. It was very frustrating. But this is working for now, so I'm happy! – Aaron Vegh Mar 19 '12 at 12:44
  • Oh, btw. The second rule is for a Yahoo verification file. Never had any problems with that, though I'll fix those parens and then be extra-good. :) – Aaron Vegh Mar 19 '12 at 12:45