Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Andy Fragen
Andy Fragen Author
User level: Level 1
6 points

Only webmail SSL

Here's what I'm trying to do.

I'd like to make it so my webmail using SquirrelMail runs over SSL, but that the rest of the domain's directories are not encrypted.

So far I've been able to accomplish this by creating a second nearly identical site under Server Admin > Web > Sites and making the second site use SSL and point it's web server alias to example.com/webmail. This seems to work as I can access other parts of the site using http and webmail only using https.

Here's my question. First, I'm not sure if this is the correct way of setting this up but it seems to work. More importantly, I'd like to make it so I get URL rewriting from 'http://example.com/webmail' to 'https://example.com/webmail'

I've tried most things I can think of but I just can't seem to get this to work. Any ideas?

Mac OS X (10.5.2)

Posted on May 20, 2008 1:41 PM

Reply
Question marked as Best reply
User profile for user: jaydisc
jaydisc
User level: Level 4
1,464 points

Posted on May 20, 2008 8:11 PM

OK,

On the SSL site, you of course have Webmail enabled. On the Non-SSL site, it should NOT be enabled.

On the Non-SSL site, you should setup a RedirectMatch under Aliases and Redirects as follows:

Pattern: /webmail(.*)
Path: https://example.com/webmail$1

The (.*) and the $1 means that if they typed anything AFTER webmail that will remain on the URL when redirected to https.

Now, what do you want to happen when the user navigates to a non=webmail part of the site over ssl? Do you want it to rewrite them back to http or is this enough?

EDIT: i accidentally hit the post message too soon.
View in context
19 replies
User profile for user: jaydisc
jaydisc
User level: Level 4
1,464 points

May 22, 2008 4:23 PM in response to Andy Fragen

The RedirectMatch is not aware of the host name coming through, so you would need to use a mod_rewrite rule which I can help you with. But I need to understand a bit better what you want to try and accomplish. Are you thinking the following:

Site 1: webmail.domain1.com - NOT SSL - with aliases of webmail.domain2.com, webmail.domain3.com, etc. - Any hit to this site(s) will simply redirect to its https equivalents

Site 2. webmail.domain1.com - SSL WEBMAIL

Site 3. webmail.domain2.com - SSL WEBMAIL

Site 4. webmail.domain3.com - SSL WEBMAIL

You should only leave them separate if you have an IP dedicated to each. Or are you thinking that you'd combine site's 2, 3 and 4? If so, you should only use one name, and if you're doing that, you don't need to maintain the domain name in the site 1 redirect.

Does that make sense? Did I understand you correctly?

Message was edited by: jaydisc for clarity
Reply
User profile for user: Andy Fragen
Andy Fragen Author
User level: Level 1
6 points

May 23, 2008 8:26 AM in response to jaydisc

Actually, here's exactly what I've got going on now. I have a single static IP an I host multiple semi-independent domains. Some just have WWW others have both WWW and MAIL. Only some of the domains with MAIL have Webmail available. Currently I'm only using the SSL for MAIL so I also want to use SSL with Webmail.

Site1: domain1.com - Non-SSL redirect webmail to /webmail https://webmail.domain1.com
Site2: domain2.com - Non-SSL redirect webmail to /webmail https://webmail.domain2.com
Site3: domain3.com - Non-SSL redirect webmail to /webmail https://webmail.domain3.com
Site4: webmail-443 - SSL, Webmail only. Aliases for webmail.domain1.com, webmail.domain2.com and webmail.domain3.com

So far this setup works great. I only need a single site to redirect all the SSL-based webmail. What I'd like is for a single site to redirect all the Non-SSL requests for webmail, ie http://webmail.domain1.com to https://webmail.domain1.com. But I'd like to be able to accomplish this for all domains with webmail in a single site similarly to how it seems to work for the SSL webmail.

Optimally, here's what I'd like.

Site5: webmail-80 - Non-SSL Webmail Redirect Only. Aliases for webmail.domain1.com, webmail.domain2.com and webmail.domain3.com
RedirectMatch /webmail(.*) to https:/webmail$1 (or something else that might work for any and all domains)

The idea being that it would match all incoming port 80 requests for webmail and route them to https and port 443. So far the only way I have it working is with a separate site for each domain with a RedirectMatch (.*) https://webmail.[domain].com.

Does that explain it?
Reply
User profile for user: jaydisc
jaydisc
User level: Level 4
1,464 points

Jun 2, 2008 12:45 AM in response to Andy Fragen

It took me about 3 or 4 times reading it, with a week in between allowing me to digest it, but I get it.

So, you will have ONE non-ssl webmail site. This will be the virtual host for webmail.domain1.com, webmail.domain2.com, webmail.domain3.com, etc. And, you want to configure one nice redirect that will redirect the user to the HTTPS version of the same hostname they rode in on.

Unfortunately, we can't just change the http into an https. We have to trap for each possible domain in mod_rewrite and redirect it to its https equivalent, like this: 

RewriteEngine On
RewriteCond %{HTTP_HOST} webmail.domain1.com
RewriteRule ^(.*) https://webmail.domain1.com/$1 [R=301]
RewriteCond %{HTTP_HOST} webmail.domain2.com
RewriteRule ^(.*) https://webmail.domain2.com/$1 [R=301]
RewriteCond %{HTTP_HOST} webmail.domain3.com
RewriteRule ^(.*) https://webmail.domain3.com/$1 [R=301]


You can put this in the site's config file or as an .htaccess file.
Reply

Only webmail SSL

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up