[CentOS] apache redirection

Thu May 20 01:45:50 UTC 2010
Barry Brimer <lists at brimer.org>

> I think that I am going to push at management that this is a non-issue
> and not worth wasting any more time and see what they might say.

I'd like to point out that the following sites don't work with 
https://domain.tld/

amazon.com
usbank.com
redhat.com
etrade.com

They all present certs for www.domain.tld.  If your management feels that 
your sites would benefit greatly from this type of configuration while the 
above sites don't feel it to be necessary, I recommend that they try the 
same test on similar large sites, and if applicable, competitors' sites.

The most compatible way to do this is to have domain.tld and 
www.domain.tld resolve to different IP addresses, and have 2 certs, one 
for each name on their respective IP addresses.  TLS SNI can solve this 
with a single IP address in Fedora 12+ and RHEL 6+ (the latter of which 
doesn't exist yet) although this requires browser support of TLS SNI. 
Simply put, MS IE 6 doesn't support it, which is deeply entrenched in 
corporations.  Firefox 2.0+ supports it as do other browsers.

As for the redirection, I would handle it with mod_rewrite as follows:

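<VirtualHost XXX.XXX.XXX.XXX:443>
ServerName domain.tld
# SSLEngine and the certificate directives for this vhost are not shown here
# mod_rewrite ignores the rules below unless the engine is enabled in this vhost
RewriteEngine On
# Any non-empty Host header other than www.domain.tld gets a permanent redirect
RewriteCond %{HTTP_HOST}   !^www\.domain\.tld$ [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^/(.*)         https://www.domain.tld/$1 [L,R=301]
</VirtualHost>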

Hope this helps.

Barry
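
The following is an added example, not part of the original post. It models the order of events discussed above: the browser checks the certificate name during the TLS handshake, before the rewrite rule can send any redirect, so a vhost answering for domain.tld needs a certificate that covers domain.tld. The function names and the certificate name lists are hypothetical and constructed for illustration.

```python
import re

def cert_covers(hostname, cert_names):
    """Simplified RFC 6125-style check: exact match, or '*' as the whole
    left-most label of a name with at least three labels."""
    h = hostname.lower().rstrip(".").split(".")
    for name in cert_names:
        n = name.lower().rstrip(".").split(".")
        if len(n) != len(h):
            continue  # a wildcard never spans more or fewer labels
        if n[0] == "*":
            if len(n) >= 3 and n[1:] == h[1:]:
                return True
        elif n == h:
            return True
    return False

def redirect_target(host_header, path):
    """Mirror of the two RewriteCond lines and the RewriteRule in the post."""
    if host_header == "":                                    # !^$
        return None
    if re.match(r"^www\.domain\.tld$", host_header, re.I):   # [NC]
        return None
    m = re.match(r"^/(.*)", path)
    return "https://www.domain.tld/" + m.group(1) if m else None

def visit(hostname, path, cert_names):
    """What a client sees: the TLS name check first, then the HTTP response."""
    if not cert_covers(hostname, cert_names):
        return ("cert-warning", None)   # handshake fails before any 301 is sent
    target = redirect_target(hostname, path)
    return ("redirect", target) if target else ("served", None)

if __name__ == "__main__":
    # Constructed certificate name sets (hypothetical)
    cases = {
        "www-only cert": ["www.domain.tld"],
        "wildcard cert": ["*.domain.tld"],
        "both names":    ["domain.tld", "www.domain.tld"],
    }
    for label, names in cases.items():
        print(label, "->", visit("domain.tld", "/shop/cart", names))
```

A wildcard for *.domain.tld does not cover the bare domain.tld either, which is why the post's options are two certificates on two addresses or SNI.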