2

I'm trying to redirect users from accessing my website through direct IP. I used certbot to configure automatically the redirection http->https.

So far, my web site is accessible from :

https://example.com
https://www.example.com
http://example.com (-> https redirection ok)
http://www.example.com (-> https redirection ok)
example.com (-> https redirection ok)
www.example.com (-> https redirection ok)

Problem is : when i enter direct ip adress in my browser, firefox says https://xx.xx.xx.xx not secured error page and Edge allow the unsecure connexion.

What i have done so far using StackOverflow is : Creating a new 000-catch-all.conf (not sure if really usefull):

<VirtualHost xx.xx.xx.xx:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot....
Redirect permanent / https://www.example.com
</VirtualHost>

My example virtualhost :

<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot    
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI [END,NE,R=permanent]
</VirtualHost>

My SSL example virtualHost :

<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot....
SSLCertificateFile...
</VirtualHost>

All 3 VirtualHost are enabled, apache has been restarted. Cant find a way to redirect direct ip access. Any hints?

Thx

Arnaud

Home
  • 43
  • 2
  • 6

1 Answers1

1

By default, when Apache does not receive a domain name in the request (in your context, it gets the IP address), it uses the first VirtualHost it finds. Here, the *:80 one.

In there, you say RewriteCond, if = ... Instead, remove the RewriteCond completly and always force redirect to https.

Like here: https://wiki.apache.org/httpd/RedirectSSL Or: http to https apache redirection

Nic3500
  • 8,144
  • 10
  • 29
  • 40