[FX.php List] [OFF] Rewrite for forcing http to https possible?

biscuit technologies biscuit.tech at gmail.com
Wed Sep 24 12:51:59 MDT 2008 

Hey, that's great!

I don't know if this matters or if it's actually related to the NE or
something else you've got going on, but one potential gotcha might be
that other characters that should be encoded are not - so if I try to
go to:
https://lab.troymeyers.com/flasking/listing.php?genus=Name+with%20spaces

I get a result that makes me think the '+' is being ignored as whitespace.

I'm a little confused about where these encoded URLs are coming from,
are they hardcoded or being generated dynamically, but I was thinking
last night that if they are dynamic you would probably be best turning
off whatever is doing that encoding because your problem is actually
that you are encoding your URLs twice.

If you can't turn off that initial encoding then having your NE rule
helps, except it opens you up to having this problem come up again
later with newly created URLs that are dynamic and do contain
unencoded characters. I was going down a very complicated path where
you would use variables in your rewrite rule to intercept these
already encoded urls and rewrite them just so you can encode them
again.

Usually I don't like complicated solutions - because I think it
usually means I'm on the wrong track - what do you think?

- David

On Tue, Sep 23, 2008 at 7:38 PM, Troy Meyers <tcmeyers at troymeyers.com> wrote:
> David,
>
> Got it! At least I think I have.
>
> RewriteEngine On
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,NE,L]
>
> >From http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html ...
>
>     noescape|NE' (no URI escaping of output)
>
>     This flag prevents mod_rewrite from applying the usual URI escaping
>     rules to the result of a rewrite. Ordinarily, special characters
>     (such as '%', '$', ';', and so on) will be escaped into their hexcode
>     equivalents ('%25', '%24', and '%3B', respectively); this flag
>     prevents this from happening. This allows percent symbols to appear
>     in the output, as in
>     RewriteRule /foo/(.*) /bar?arg=P1\%3d$1 [R,NE]
>     which would turn '/foo/zed' into a safe request for
>     '/bar?arg=P1=zed'.
>
> Now, when I put in:
> http://lab.troymeyers.com/flasking/listing.php?genus=two%20names
> it turns into:
> https://lab.troymeyers.com/flasking/listing.php?genus=two%20names
>
> Unless that messes something else up, I think that's the solution.
>
> -Troy
>
>
>
>> Hi Troy,
>>
>> In re-reading your original post I realized that what's happening is you
>> are passing a URL with %20 to the rewrite engine and it's encoding the %
>> again which results in %2520 ("%% " or "percent percent space") and
>> that's why the URL fails.
>>
>> I'll think about it a bit more, but would you agree that is the actual
>> problem? If it is, then the solution is maybe to have a rewritemap that
>> handles this? Not sure, just thinking out loud.
>>
>> - David
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>

More information about the FX.php_List mailing list