Berkeley CSUA MOTD:Entry 29824
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/08 [General] UID:1000 Activity:popular
7/8     

2004/2/19 [Computer/SW/WWW/Server] UID:29824 Activity:high
2/19    I have two CGI scripts on my Apache-hosted site which I want
        to be accessed only through https. I also use relative url's
        throughout all my pages and would like to keep it this way. As
        far as I can tell, the only way to link to a page over https
        is with a fully-qualified URL. My scheme: create some Rewrite
        Rules so that if any url ends with, for ex, "-secure", rewrite
        that to https, and then add a SSLRequireSSL directive so a
        clever user will be thwarted if they try to access the page w/out
        the "-secure". Does anyone see anything wrong with this solution?
        Is there a better way?
        \_Not really. Not quite sure what the problem is with people
          directly accessing your https server vs. being linked over.
          Since http is stateless, it could create potential problems
          when users use the back/forward buttons on their browsers
          I guess...
          \_ it's not the statelessness, it's the not-wanting to write
             absolute URLs, I think
             \_ exactly, I'd rather not start sprinkling absolute URLs
                throughout the site. -op
        \_ I think the mod_rewrite cookbook page even has examples of doing
           this with a suffix like :ssl  --dbushong