Redirection problem with non SSL-sites

Discussion in 'ISPConfig 3 Priority Support' started by Adde, Dec 1, 2016.

  1. Adde

    Adde New Member HowtoForge Supporter

    Hello,

    I have a couple of sites hosted on my ISPConfig 3 server and the majority of them use the LetsEncrypt SSL-certificates.
    They all force SSL usage with the following Apache-directive (individually per site):
    Code:
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] 
    Works flawlessly with sites that has the LetsEncrypt certificate.

    However.. For the sites that does not have any certificates and no RewriteRules, if I input https://domain.com for that non SSL activated site, I'm redirected to ANOTHER webpage on my server (seems to redirect to the first SSL activated page in alphabetical order(not confirmed)).

    Is this the expected behavior? If not, how can I prevent this from happening? It's somewhat embarrasing towards some customers sometimes when this happens :)

    And yes, for the most part I could activate SSL on all the sites but I want to understand what is happening under the hood and why.

    Scenario:
    https://encryption-DISABLED-site.com --Redirects--> https://another-encryption-ENABLED-site.com

    I'd gladly share more information, just let me know what you need from me.
     
  2. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    If calling a website that has no ssl active the first website with ssl active will always be shown. This cannot be changed.
    What you can do is creating a default website with ssl active that either redirects to non-ssl or shows a "no ssl available page". You have to make it load first by naming the vhost file something like 000-alwaysnossl.conf (because apache loads them in alphabetical order).
     
    Adde likes this.
  3. Adde

    Adde New Member HowtoForge Supporter

    Thanks a bunch Croydon, will try that out!
     

Share This Page