Once enabled SSL termination on WebMux, some companies want to enforce HTTPS only on their site, like
web mail servers, etc. However, sometimes the web server may redirect the browser to another page, in that process,
web server did not know the original request was HTTPS encrypted, it simply redirect the browser to the
HTTP port.
In WebMux farm setup, you could enable the "tag SSL-terminated HTTP requests". By change that
to "Yes", decrypted traffic will have the added MIME header "X-WebMux-SSL-termination: true" .
You can then write script on your server to identify if the original traffic was HTTPS or
HTTP, then properly redirect the traffic to the HTTPS.
However, if you want to enforce all the traffic be HTTPS, you can modify the Apache httpd.conf file
to rewrite the URL:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:X-WebMux-SSL-termination} !^.*true
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteLog /var/log/httpd/rewrite_log
RewriteLogLevel 1
</IfModule>
** Special thanks to Richard L. Cox for his contribution.
On the Microsoft®IIS 6 server, instead of check each URL and issue rewrite on each URL, you could open
IIS MMC tool, select properties for the site, go to the directory security tag, click
the edit button at the bottom in the secure communications, then check the reqruire
secure channel option. Then go to custom error tab under IIS MMC tool to select
403;4 error and setup response "Redirect("https://my.site.com/my-error-msg.html").
On Microsoft® IIS 7 server, you can follow these steps to requrie Secure Sockets Layer (IIS7):
1) Open IIS Manager and navigate to the level you want to manage;
2) In Features View, double-click SSL Settings;
3) On the SSL Settings page, select Require SSL;
4) In the Actions pane, click Apply.
IIS 7 URL rewrite module is a seperate download from Microsoft site. You will need to configure that for URL rewrite.
|