
I've been trying to use Apache RedirectMatch to send most requests to SSL, while still allowing the Let's Encrypt challenge to work:

    RedirectMatch permanent ^/(?!\.well\-known/acme\-challenge)(.*)$ https://example.com/$1

This redirects the bare domain, example.com, to https://example.com. It also allows the Let's Encrypt challenge through without redirection. But it fails to redirect anything that is more than just the domain, so e.g. example.com/page goes to page, but not SSL.

Regex tests suggest that it should work, but it doesn't. Any suggestions?

mbrampton
  • what you describe "example.com/page goes to page, but not SSL" is a redirection loop, and that redirectmatch includes the scheme in the target so everything redirected under it should go where it points literally, so either there is another redirection overriding this or.... by the way the character "-" does not need to be escaped – Daniel Ferradal Nov 20 '17 at 16:41
  • Thanks for pointing out that in Apache regex hyphen doesn't need escaping. I'm not with you on the other point, example.com/page doesn't redirect, it goes to http://example.com/page. But the regex should match anything at all that isn't ".well-known/acme-challenge". SFAIK anything except the "well-known" URI should be redirected to https://example.com. There are also RewriteRules, but as I understand it the RedirectMatch will run first, regardless of where they are written. So they shouldn't affect things. – mbrampton Nov 21 '17 at 18:21
  • well, you are saying it yourself, /page should go to https, the negative lookahead is clear, perhaps look in the config for something interfering or debug to find out what's overriding the redirection. – Daniel Ferradal Nov 22 '17 at 12:22
  • Thanks, that's exactly the problem. It should go to https, but it doesn't. There isn't another Redirect or RedirectMatch, and since they should take priority over any other rewrites, the problem is why. How can you debug a RedirectMatch? – mbrampton Nov 23 '17 at 18:15

0 Answers