3

We have an apache server which hosts multiple domains from, which some have https enabled and some do not.

Now the problem is that if I access https://exampleWithoutHttps I will come to the content of https://exampleWithHttps.

I would like to forward the user from https://exampleWithoutHttps to http://exampleWithoutHttps on all domains whithout https. I have tried to create a redirect rule in virtualhost *:443 but this creates the following error:

Server should be SSL-aware but has no certificate configured

The problem is that I cant change "Listen 443" to "Listen 443 http" as this would break my hosts with ssl enabled.

Is there a way I could have a redirect without a ssl certificate ?

Or if not possible can you propose an alternative which would ensure that https://exampleWithoutHttps does not show the content of https://exampleWithHttps.

My ports.conf

NameVirtualHost *:80
Listen 80
NameVirtualHost *:443
Listen 443

mi site condfig:

<VirtualHost *:80>
 DocumentRoot /path/to/dr
 ServerName  exampleWithoutHttps.com
 ServerAlias www.exampleWithoutHttps.com
</VirtualHost>

<VirtualHost *:443>
 ServerName  exampleWithoutHttps.com
 ServerAlias www.exampleWithoutHttps.com
 Redirect permanent /   http://www.exampleWithoutHttps.com/
</VirtualHost>
sherif
  • 151
  • 1
  • 4
  • I've come across this same issue. It is BAD to load a client's competitor's site just because they don't need SSL! – Michael Yaeger Dec 21 '16 at 13:57
  • Ok like i feared not without a certificate but is there at least a way to block a request for 443 on the wrong domain ? – sherif Dec 21 '16 at 14:32
  • Why not get a proper certificate for domains that doesn't NEED https? And, are you sure your don't need https ? If you handle any personal data, you must protect it in most countries. – Tom Dec 21 '16 at 14:51
  • I was told to generate a self-signed certificate for each domain to prevent the redirects. However, this seems like a lousy approach when you have 100 unmanaged sites on the server. – Michael Yaeger Dec 21 '16 at 17:10

2 Answers2

1

Configure any certificate for your VirtualHost *:443 and you are done.

  • Could be simply a self-signed certificate that you generate for yourself. Of course user will see a security warning. This is expected. Users specifically want https where s stands for secure. You don't hold a valid certificate for exampleWithoutHttps.com, hence you cannot give them security - it's correct they are warned about that.
  • You could also get a valid cert for free from a couple of vendors.

Place the VirtualHost *:443 of ServerName exampleWithoutHttps.com before VirtualHost *:443 of ServerName exampleWithHttps.com. I mean place it textually as the first one in the Apache's configuration files. This ensures user will not see content from exampleWithHttps.

kubanczyk
  • 13,812
  • 5
  • 41
  • 55
0

I would like to forward the user from https://exampleWithoutHttps to http://exampleWithoutHttps on all domains whithout https.

In order to do the redirect, you need to first set up a https connection. You cannot set up a https connection with out a valid certificate etc.

So to answer the question, you can't do it. Well, not in a manner that would satisfy most people who have any concerns over security anyway.

user9517
  • 115,471
  • 20
  • 215
  • 297
  • He is not looking to DO a redirect, he is looking to PREVENT a redirect. Most servers load the first site with SSL when HTTPS is requested instead of serving the current domain with an invalid certificate. – Michael Yaeger Dec 21 '16 at 17:07
  • Read the 3rd paragraph, it's the one I quoted he explicitly says what he wants to do and that's what I answered. – user9517 Dec 21 '16 at 17:18
  • >> "Now the problem is that if I access https://exampleWithoutHttps I will come to the content of https://exampleWithHttps." The OP is trying to come up with a solution within his question. Obviously, that solution doesn't work. There's no point in creating an "answer" quoting his incorrect answer and stating that it's not a correct answer. – Michael Yaeger Dec 21 '16 at 17:25
  • What about paragraph 6 as well ? `Is there a way I could have a redirect without a ssl certificate ?` the answer to which is also contained in my answer. – user9517 Dec 21 '16 at 17:26
  • if you think my answer is wrong then just down vote it - simples. – user9517 Dec 21 '16 at 17:31