PS: this is the 2nd part of the question originally posted here.

I'd like to disable the HSTS header completely for specific virtual hosts. I have (per recommendation) a redirect in the 443 container for each one of these vhosts. It works fine, but Apache does not recommend using a RewriteRule unless absolutely necessary. Is it possible to perform the redirect below using only Redirect, not a rewrite?

    <VirtualHost x.x.x.x:443>
        <IfModule mod_headers.c>
            Header unset Strict-Transport-Security
            Header always set Strict-Transport-Security "max-age=0;includeSubDomains"
        </IfModule>
        SuexecUserGroup "#520" "#520"
        ServerName dev.domain.com
        ServerAlias www.dev.domain.com
        ServerAlias subdomainjr2b.dev.domain.com
        ServerAlias www.subdomainjr2b.dev.domain.com
        ServerAlias subdomainblah.dev.domain.com
        ServerAlias www.subdomainblah.dev.domain.com
        RewriteEngine On
        # Send every request back to plain HTTP on the hostname the client used
        RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [redirect=302]
    </VirtualHost>

PS1: Domain.com has a wildcard cert, and wildcards only work for sub.domain.com, not sub.sub.domain.com, hence the need to disable HSTS for these vhosts.

PS2: Don't ask me why I needed to use Header unset when I am already using Header always set. It was sending two headers to the client before Header unset was implemented, and from what I understood it should not.

Gaia

1 Answer

The reason to use Redirect instead of mod_rewrite is that the latter takes a lot more resources than the former - and the reason for this is that the latter can do a lot more things. One of the things that mod_rewrite can do and RedirectMatch can't is to keep track of the hostname used in the request.

So, the problem here is that you want to keep using the same domain name after the redirect, and you want all domains as aliases within the same virtual host. As long as you want both these things, then mod_rewrite is the only tool.

If you could either redirect all requests to one canonical hostname, or you could split them up into one VirtualHost per domain name, it would be possible to use RedirectMatch instead, like so:

    RedirectMatch ^(.*)$ https://dev.domain.com$1

Jenny D
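
The "one VirtualHost per domain name" option from the answer above, written out as an added example that is not part of the original question or answer. It assumes Apache 2.4 with mod_macro, mod_alias and mod_headers loaded; `NoHstsRedirect` is a hypothetical macro name, and the hostnames and header value are the ones from the question.

```apache
# Added example: one redirect-only :443 vhost per hostname, so the target
# hostname is a literal and plain Redirect (mod_alias) is enough.
# Assumption: mod_macro is loaded; NoHstsRedirect is a made-up macro name.
<Macro NoHstsRedirect $host>
<VirtualHost x.x.x.x:443>
    ServerName $host

    # SSLEngine and certificate directives go here, exactly as in the
    # existing :443 vhost (the question's snippet does not show them).

    # "always" adds the header to non-2xx responses too, so it is present
    # on the 302 below; max-age=0 tells the browser to drop its HSTS entry.
    Header always set Strict-Transport-Security "max-age=0;includeSubDomains"

    # Redirect is prefix-based: a request for /a/b is sent to http://$host/a/b
    Redirect 302 / http://$host/
</VirtualHost>
</Macro>

# One vhost per name that used to be a ServerName/ServerAlias
Use NoHstsRedirect dev.domain.com
Use NoHstsRedirect www.dev.domain.com
Use NoHstsRedirect subdomainjr2b.dev.domain.com
Use NoHstsRedirect www.subdomainjr2b.dev.domain.com
Use NoHstsRedirect subdomainblah.dev.domain.com
Use NoHstsRedirect www.subdomainblah.dev.domain.com

# Drop the macro definition so the name cannot clash with later config
UndefMacro NoHstsRedirect
```

Run `apachectl configtest` after adding the block, and make sure these hostnames are removed from the original vhost's `ServerAlias` list so that each name is served by exactly one vhost.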