Am 01.01.2013 03:55, schrieb Arne Berglund:
On 2012-12-31 17:23, Robert Moskowitz wrote:
I can't claim any real skill in configuring apache, all I can do is read readmes and copy and paste for examples and things I have running... So I SEEM to have made some real headway, but have not gotten wireshark going to see if it is really behaving as it seems. I would appreciate any input on a cleaner way to setup Roundcube as a virtual host only over TLS.
<snipped>
Robert, here's the setup I have, partially inherited and partially refined over the years. My ReWrite is in a directory declaration, and has never thrown any errors.
<Directory "/"> RewriteEngine on ReWriteCond %{HTTP_HOST} =webmail.example.org [NC] RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^.*$ https://webmail.example.org%%7BREQUEST_URI%7D [L,R]
</Directory>
the next one missing that without "secure only" flag the browser will send the cookies unencrypted because they are part of he request headers and the redirect happens after them