
I want to be able to redirect all traffic from http to https on our apache config, except for if the incoming request is from a specific source (in this case, it's originating from the same IP as the server).

Context: we have a Zend server running a PHP application with an Apache config, and the same Zend server is also running a Job Queue which runs an HTTP job to one of our REST endpoints. Obviously, we can't route this over HTTPS as it's internal traffic, but I'm not sure how to structure our RewriteConds so that it will correctly fall through and serve HTTP only for that specific requester, but HTTPS for everyone else.

Here is the cond at the moment - I'm really not all that familiar with Apache syntax, but I've got to work with what I know ;)

```apache
<VirtualHost *:80>
    TimeOut 5600
    ServerName <name>
    ServerAlias <alias>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !=example\.com\:80
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    DocumentRoot <docroot>
    RewriteCond %{REQUEST_URI} !^(/index\.php|/favicon\.ico|/robots\.txt|/a/css(.*)|/a/js(.*)|/a/i(.*)|/alive\.html)
    RewriteRule ^(.*)$ /index.php/$1 [L]
    <Directory "<docroot>">
        Options All
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    TimeOut 12000
    ServerName <name>
    ServerAlias <alias>
    DocumentRoot <docroot>
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^(/index\.php|/favicon\.ico|/robots\.txt|/a/css(.*)|/a/js(.*)|/a/i(.*)|/alive\.html)
    RewriteRule ^(.*)$ /index.php/$1 [L]
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory "<docroot>">
        Options All
        AllowOverride All
        Require all granted
    </Directory>
    SSLEngine on
    ...ssl etc
</VirtualHost>
```

1 Answer


The `%{HTTP_HOST}` refers to the server hostname, i.e. the `Host:` header, while your desired condition is the specific source IP address. You should be comparing `%{REMOTE_ADDR}` instead:

```apache
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1
```

Also, you can use HTTPS for local traffic, but it's not necessary.

Esa Jokinen
  • I'll give that a go, thanks :) Just as a sanity check for my own understanding of Rewrites - only 1 RewriteRule applies to the logic chain, correct? So the logic here is: if the `REMOTE_ADDR` is not 127.0.0.1, and if `HTTPS` is not on, then execute the first RewriteRule (i.e. redirect all traffic to https), otherwise drop through to the rest of the http directive? – Stephen Wright Mar 18 '19 at 00:17
  • This worked (though it turns out it's not actually serving the requests from 127.0.0.1 but instead the global IP - need to sort that out next, thanks!) – Stephen Wright Mar 18 '19 at 09:50
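
The condition from the answer placed in the port-80 virtual host, as an added example that is not part of the original answer or comments. It also exempts the IPv6 loopback address and, because the last comment reports the job arriving from the server's global IP, that address as well; `www.example.com` and `203.0.113.10` are constructed placeholders, not values from the page.

```apache
<VirtualHost *:80>
    # Placeholder name (assumption); use the real ServerName/ServerAlias.
    ServerName www.example.com

    RewriteEngine On

    # Consecutive RewriteCond lines are ANDed: the redirect below fires only
    # when the client is none of the exempt addresses. "!=" is an exact
    # string comparison, so no regex escaping or anchoring is needed.
    RewriteCond %{REMOTE_ADDR} !=127.0.0.1
    RewriteCond %{REMOTE_ADDR} !=::1
    # The server's own public address (placeholder from the documentation
    # range). Needed when the job calls the public hostname, so the request
    # arrives from the global IP rather than from loopback.
    RewriteCond %{REMOTE_ADDR} !=203.0.113.10
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

    # Requests from exempt addresses fall through to here and are served
    # over plain HTTP by the rules that follow (the front-controller
    # rewrite in the question's configuration).

    # Caveat: REMOTE_ADDR is the TCP peer. Behind a reverse proxy or load
    # balancer it is the proxy's address, so an exemption for that address
    # would skip the redirect for every client coming through the proxy.
    # Keep the exempt list to addresses only the server itself can use.
</VirtualHost>
```

Check the syntax with `apachectl configtest`, then confirm that a plain-HTTP request from an exempt address is served directly while one from any other address receives the redirect.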