Apache HTTP to HTTPS Redirection Without VirtualHost Configuration


2 views

When working with CentOS 5.4 and Apache 2.2.11, many admins immediately think to use VirtualHost directives for HTTP-to-HTTPS redirection. However, there are valid scenarios where VirtualHost configuration isn't practical or desired:

  • Legacy systems with complex configurations
  • Environments where VirtualHost management is restricted
  • Cases needing minimal configuration changes

Since mod_rewrite is already available, we can implement this solution in either the main server configuration or .htaccess:


<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

For those preferring not to use mod_rewrite, this method works well:


Redirect permanent / https://site.com/

When implementing SSL redirection:

  • Always use 301 (permanent) redirects for SEO
  • Ensure your SSL certificate is properly configured
  • Test with various HTTP requests (HEAD, GET, POST)

After implementation, verify with:


curl -I http://site.com

You should receive a response containing:


HTTP/1.1 301 Moved Permanently
Location: https://site.com/

When working with legacy CentOS 5.4 systems running Apache 2.2.11, forcing HTTPS redirection presents unique challenges - especially when VirtualHost configurations aren't an option. This often occurs in shared hosting environments or when maintaining backward compatibility with older configurations.

The most reliable method leverages mod_rewrite, which you've confirmed is available. Add these directives to your httpd.conf or appropriate .htaccess file:


RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

For simpler cases where you only need root domain redirection:


Redirect permanent / https://site.com/

Ensure these modules are loaded in your httpd.conf:


LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so

After implementation:

  1. Restart Apache: service httpd restart
  2. Test with curl: curl -I http://site.com
  3. Verify you get 301 Moved Permanently response

For complete security, combine this with:


Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"