3

I have a Mac Mini Server, running macOS Sierra (10.12.2) with macOS Server (5.2). This comes with a built-in Apache server, which is set up to listen on ports 80 and 443. This works fine; documents are accessible over both HTTP and HTTPS.

However, as soon as I use the SSLRequireSSL directive in the .htaccess file, it stops working. In the browser, when accessing https://www.example.com/path/document, I see the following:

Forbidden

You don't have permission to access /path/document on this server.

Apache Server at www.example.com Port 80

Note that the error message mentions port 80, even though it is served over HTTPS / port 443 (I checked this with curl - so browser redirects aren't an issue here). But this could be related to the source of the problem.

In the Apache error log, the following is shown:

[Sun Jan 29 16:38:07.674342 2017] [ssl:error] [pid 82204] [client 127.0.0.1:50195] AH02219: access to /Users/Glorfindel/wwwroot/path/document failed, reason: SSL connection required

Other directives in the .htaccess file do work (e.g. Options -Indexes).

Glorfindel
  • 1,213
  • 4
  • 15
  • 22
  • I can post relevant parts of the httpd.conf files (due to the nature of macOS Server these are spread over different places), but I'm not exactly sure what to look for. – Glorfindel Jan 29 '17 at 16:24
  • You can run HTTPS on port 80 if you really want to, but it barely ever makes any sense. I'd say that "port 80" is a very strong indication of why you are getting the error. – user Jan 30 '17 at 16:03
  • @MichaelKjörling in my case, port 80 is only used for HTTP and port 443 only for HTTPS. You can't even change this in macOS Server. – Glorfindel Jan 31 '17 at 19:35
  • If I try to access `https://www.example.com:80`, the browser tells me "can't establish a secure connection to the server", and `http://www.example.com:443` gives "Bad Request" - "Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please." – Glorfindel Jan 31 '17 at 19:38

1 Answers1

2

You are not accessing https.

The error you are showing clearly says: "Apache Server at www.example.com Port 80"

Make sure you really access https, make sure there are not redirects that send you to http (using your browsers web console for example).

Based on your comments, here is a tip to see what is happening:

curl -I https://www.example.com/path/document

This will show you an uncached answer from your server, if you have access or not, and/or if you are getting a redirection to http.

user
  • 4,335
  • 4
  • 34
  • 71
Daniel Ferradal
  • 2,415
  • 1
  • 8
  • 13
  • I'm reasonably sure I'm using HTTPS. For example, if I block traffic over port 80, content is still being served over HTTPS/port 443. – Glorfindel Jan 30 '17 at 15:46
  • precisely why you are asking a question and you have a problem, the hard evidence I insist is the error you pasted in which it says Apache server at... port 80" – Daniel Ferradal Jan 30 '17 at 15:52
  • But - how is that possible? Could there be some internal redirect from the virtual host listening on port 443 to the one on 80? – Glorfindel Jan 30 '17 at 15:54
  • an external redirection, I suggested you to use your browsers web console, or curl, make sure you are not getting a cached redirect either, permanent redirections are cached by browsers. – Daniel Ferradal Jan 30 '17 at 15:58
  • an easy way to see it `wget -I https://www.example.com/path/document` and paste the output – Daniel Ferradal Jan 30 '17 at 16:04
  • I checked with curl already, but maybe at a wrong time. I'll doublecheck when I get home, thanks so far. – Glorfindel Jan 30 '17 at 16:04
  • my apologies, not sure why wget got into my head today, I meant curl, `curl -I https://.....` – Daniel Ferradal Jan 30 '17 at 18:25