default https site

Hi,
I have one https site with a certificate.
Whenever someone types in the URL of any other domain with the https protocol (like https://globalsolidarity.eu), then he is redirected to that site (https://cvsite.info).

The https site is running on the same IP as all other sites, only on port 443 obviously.

I can understand it falls back to the default https site. However I want to change that behavior and show a standard message, something like: Please use http in the url, not https.

How can I do this?

thanks

Howdy,

It sounds like you may have some mod_rewrite stuff going on in your ssl.conf.

I believe you use CentOS, correct?

What does this show:

grep -i rewrite /etc/httpd/conf.d/ssl.conf

If mod_rewrite is what’s being used there, you should be able to tweak it to go to a custom page that has a message you want (or, if you preferred, to automatically redirect to the “http” URL).
-Eric

grep -i rewrite /etc/httpd/conf.d/ssl.conf doesn't show anything.
I am on CentOS 5.2.

There is only one ssl site so it may defer any other site to this one as per apache default. Is that correct?

In that case I should be able to create a dummy ssl site with a default page. Better would be to redirect to the http protocol for any site.

thanks

I’m not sure which setting is doing that (and my system doesn’t redirect the way yours does).

Is there any rewrite code in /etc/httpd/conf/httpd.conf?

If not, would you consider posting your ssl.conf file? Feel free to hide any actual sites or ip addresses, but I’m curious what other settings are active in there.
-Eric

I'm guessing it's the Listen *:443?

#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#

LoadModule ssl_module modules/mod_ssl.so

# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
Listen *:443

# SSL Global Context
#
# All SSL configuration in this context applies both to
# the main server and all SSL-enabled virtual hosts.

# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache dc:UNIX:/var/cache/mod_ssl/distcache
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex default

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec

# SSL Virtual Host Context

I’m sorry Ronald, I guess I’ve been stalling on a reply as I’m not sure what’s doing that redirect :)

In theory, having a *:443 wouldn’t generate an actual redirect; it would just attempt to listen on all interfaces (which is actually undesirable, but probably isn’t what we’re looking for here).

You don’t happen to have a .htaccess file in the public_html dir that may be doing that, do you?
-Eric

I have the default Joomla .htaccess in there, but the ‘redirect’ is taking place before one reaches the https site.
I have the idea that Apache is simply delivering the first ssl site it sees. Would that be correct?

.htaccess

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

# mod_rewrite in use
RewriteEngine On

########## Begin - Rewrite rules to block out some common exploits
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit attempts to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)
RewriteBase /

########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section
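
Added example, not part of the original thread and not the posters' configuration: when no ServerName or ServerAlias on an IP:port matches the request's Host header, Apache serves the first virtual host defined for that address, so a single SSL vhost behind `Listen *:443` answers every https:// name on that IP. One way to send the other names back to plain HTTP from inside that vhost, assuming mod_rewrite is loaded and cvsite.info is the only name meant to be served over TLS; the certificate paths are placeholders.

```apache
# Added example: the only SSL virtual host, so it is also the default for *:443.
<VirtualHost *:443>
    ServerName cvsite.info

    SSLEngine on
    # Placeholder paths, not values from the thread.
    SSLCertificateFile    /path/to/cvsite.info.crt
    SSLCertificateKeyFile /path/to/cvsite.info.key

    RewriteEngine On

    # Leave requests for the certificate's own name (with or without www,
    # with or without an explicit :443) alone.
    RewriteCond %{HTTP_HOST} !^(www\.)?cvsite\.info(:443)?$ [NC]

    # Capture the host name without any port suffix. A request with no Host
    # header fails this condition and is served by this vhost as before.
    RewriteCond %{HTTP_HOST} ^([^:]+)

    # Redirect to the same path on the plain-HTTP site for that name.
    # %1 is the host captured above, $1 the requested path; the query
    # string is carried over automatically.
    RewriteRule ^/?(.*)$ http://%1/$1 [R=302,L]

    # Alternative to the redirect: refuse with a fixed message instead.
    # Swap the RewriteRule above for these two lines.
    #RewriteRule ^ - [F]
    #ErrorDocument 403 "Please use http in the URL, not https."
</VirtualHost>
```

The TLS handshake finishes before Apache sees the Host header, so visitors to the other names still get a certificate name-mismatch warning for the cvsite.info certificate before the redirect or message is delivered. `httpd -S` lists which virtual host Apache treats as the default for port 443.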