3
votes

There are a thousand threads on this but I must be missing something as I can't get it to work.

My nginx load balancer decrypts SSL traffic and proxies it (via Varnish) through to the content servers. It adds a custom header to the proxied request:

proxy_set_header "IS-HTTPS" "1";

I can SEE this HTTP header from the content servers:

<?php
var_dump($_SERVER["HTTP_IS_HTTPS"]);
?>

This will output string(1) "1" on an HTTPS connection, and NULL on HTTP.

So, my .htaccess rules:

RewriteCond %{HTTP:IS_HTTPS} !="1"

RewriteRule ^(securebit.*)$ https:// %{HTTP_HOST}/$1 [R=301,L]

Doesn't work. Just gets into a redirect loop.

(NB: the space in "// %" isn't there. StackOverflow validation is falling over on it.)

Neither do:

RewriteCond %{HTTP:IS_HTTPS} !=1
RewriteCond %{HTTP:IS_HTTPS} !1
RewriteCond %{HTTP:HTTP_IS_HTTPS} !="1"
RewriteCond %{HTTP:HTTP_IS_HTTPS} !=1
RewriteCond %{HTTP:HTTP_IS_HTTPS} !1

What simple, obvious and frustrating mistake am I making?

2
First, this != is not valid in RewriteCond, use negative pattern instead. Also %{HTTP:header} means real HTTP-header like Host %{HTTP:Host}. - Deadooshka
Thanks for your reply. To clarify: Firstly, I'm referring to the docs at wiki.apache.org/httpd/RewriteCond which do seem to indicate that != is a valid conditional operator. Secondly, proxy_set_header does set a real HTTP header. - Wintermute
Ah. Official docs good. So, "Does not equal 1" would therefore be written as RewriteCond %{HTTP:TCW_HTTPS} !^1$ ? Because that doesn't seem to work either. - Wintermute
Check all variables are properly defined by passing them as script parameters. - Deadooshka

2 Answers

3
votes

I had a similar problem when nginx that was listening on both http and https ports was forwarding the traffic to a local apache instance.

In the nginx configuration I added:

proxy_set_header X-Request-Protocol $scheme; #http or https

In the .htaccess file I added this:

RewriteEngine On
RewriteCond %{HTTP:X-Request-Protocol} ^http$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
2
votes

You set "IS-HTTPS" and you check for "IS_HTTPS"?
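
The mismatch this answer points at, as an added example that is not part of the original posts: PHP exposes request headers in `$_SERVER` under CGI-style names (upper-case, `-` replaced by `_`, `HTTP_` prefix), while mod_rewrite's `%{HTTP:name}` looks the header up by the name that was actually sent, so a `var_dump` can show a header that the RewriteCond never sees. The function names are hypothetical and the sample input is constructed from the directives quoted in the question.

```python
import re

# Constructed sample input, built from the directives quoted in the question.
NGINX_CONF = 'proxy_set_header "IS-HTTPS" "1";'
HTACCESS = """\
RewriteCond %{HTTP:IS_HTTPS} !=1
RewriteCond %{HTTP:HTTP_IS_HTTPS} !=1
RewriteCond %{HTTP:IS-HTTPS} !=1
"""

def cgi_name(header):
    """Key PHP uses in $_SERVER: upper-case, '-' -> '_', 'HTTP_' prefix."""
    return "HTTP_" + header.upper().replace("-", "_")

def proxy_headers(nginx_conf):
    """Header names set by proxy_set_header, optional quotes removed."""
    pat = r'proxy_set_header\s+"?([^"\s;]+)"?\s'
    return [m.group(1) for m in re.finditer(pat, nginx_conf)]

def rewrite_header_refs(htaccess):
    """Names referenced as %{HTTP:name}; %{HTTP_HOST} has no colon and is skipped."""
    return re.findall(r'%\{HTTP:([^}]+)\}', htaccess)

def lint(nginx_conf, htaccess):
    """Classify each %{HTTP:name} reference against the headers the proxy sets."""
    sent = proxy_headers(nginx_conf)
    on_wire = {h.lower() for h in sent}        # header names are case-insensitive
    php_keys = {cgi_name(h): h for h in sent}  # what var_dump($_SERVER) shows
    report = {}
    for ref in rewrite_header_refs(htaccess):
        if ref.lower() in on_wire:
            report[ref] = "ok"
        elif cgi_name(ref) in php_keys:
            # Same $_SERVER key, different name on the wire ('_' versus '-').
            report[ref] = "mismatch: header on the wire is " + php_keys[cgi_name(ref)]
        elif ref.upper() in php_keys:
            # The $_SERVER key itself was used as the header name.
            report[ref] = "mismatch: $_SERVER key used, header is " + php_keys[ref.upper()]
        else:
            report[ref] = "unknown header"
    return report

if __name__ == "__main__":
    for ref, verdict in lint(NGINX_CONF, HTACCESS).items():
        print(f"%{{HTTP:{ref}}}: {verdict}")
```

Only the `%{HTTP:IS-HTTPS}` reference is reported as `ok`; with the other two the condition tests an empty string on every request, including the ones that already arrived over HTTPS, which is what produces the redirect loop.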