I have set up a Drupal 6 site on a dedicated server, and enabled SSL through the "Matrix" control panel which was installed on it.
The problem is now, the site ONLY loads pages from https. Most of the images wont load either, I presume this is related to the same thing. Ideally I want both http and https to work, then I can sort out the redirects for pages that need to be secure.
The error presented on attempting to load a regular http page is:
**Bad Request** Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.
Can anyone point me in the right direction?
Edit:
In sites-enabled/domainname.co.uk there is a <VirtualHost> set up for the IP of the server, using port 80 like so:
<VirtualHost xx.xx.xx.xx:80>
ServerName xx.co.uk
ServerAlias www.xx.co.uk
ServerAdmin [email protected]
DocumentRoot /home/default/xx.co.uk/user/htdocs
ErrorLog /home/default/xx.co.uk/user/logfiles/error_log
TransferLog /home/default/xx.co.uk/user/logfiles/access_log
php_admin_value open_basedir /tmp:/home/default/xx.co.uk
SuexecUserGroup xx matrixdomain
ScriptAlias /cgi-bin/ /home/default/xx.co.uk/user/htdocs/cgi-bin/
AddHandler server-parsed .shtml
AddType text/html .shtml
<Location />
Options +Includes
</Location>
# Begin user directives <--
# --> End user directives
Would I need to make another one for 443?
In ports.conf I have
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen 443
</IfModule>
Seems that your Apache httpd is misconfigured and tries to serve HTTPS on the HTTP port (take a look at your virtual host configuration for the Drupal site) or you are using a scheme like http://example.com:443/ to access your Drupal installation, which will not work either.
HTTP should be served on port 80 HTTPS should be served on port 443
Your site should work on: http://www.domain.com https://www.domain.com.
It could be one of a few things:
I think that summarizes what the issue could be, let us know your solution!
+1 Use the Secure Pages module (if you're not already)
Cheers
i thing follow doc will help u
Apache: Redirect http to https Apache secure connection – force HTTPS Connections
Let us say you have webmail sub-domain called http://mail.chida.in and you would like to redirect it to https secure connection i.e. https://mail.chida.in.
This will help you protect user privacy and sensitive information such as username and password remotely.
So how do you configure your Apache web server so that you prevent your web sites from being accessed without encryption? Redirect http to https Apache Configuration
First make sure Apache is configured for HTTPS connection and necessary SSL certificates are installed. No non-ssl access i.e. only accept https connections
Now open httpd.conf or .htaccess file (mod_rewrite not required):
vi httpd.conf
Append following line : Redirect permanent / https://mail.chida.in/ Any request made to http://mail.chida.in will goto https://mail.chida.in/
Save and close the file. Restart the Apache:
/etc/init.d/httpd restart
This is easiest way to ensure that your normal user never use plain text HTTP protocol to send data. Now this makes it much harder to sniff sensitive data. Force webmail login over SSL https session
So if you want force users to access their webmail through https, add following configuration to .htaccess file:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Make sure you have something as follows in httpd.conf (mod_rewrite support): LoadModule rewrite_module modules/mod_rewrite.so