Mailing List Archive

RedirectMatch and rewrite rules not working
Ever have one of those days where after staring at the configuration for hours you don’t see what you are doing wrong?
I am having that kind of day. I browse to the URLs https://evumail8prd01.ci.northwestern.edu/activate and https://evumail8prd01.ci.northwestern.edu/manage and all I get is a 404 error. Nothing usable in the logs. I know I am missing something simple but the issue is escaping me. The configuration is stolen from the existing RHEL 6 & Apache 2.2 instance combined with the Mozilla template from https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&ocsp=false&guideline=5.7 now on RHEL 8 & Apache 2.4

Please help!

My configuration:

# generated 2023-06-08, Mozilla Guideline v5.7, Apache 2.4.41, OpenSSL 1.1.1k, modern configuration
# https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&guideline=5.7

# modern configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder off
SSLSessionTickets off

SSLUseStapling Off
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

# this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
ServerName evumail8prd01.ci.northwestern.edu
ServerName evumail.northwestern.edu
ServerName umail.northwestern.edu

DocumentRoot /var/www/html
ScriptAlias /cgi-bin /var/www/cgi-bi

RewriteEngine on

# RewriteRule ^/activate /umail3/netid.php?r=a [R]
# RewriteRule ^/manage /umail3/netid.php?r=m [R]
LogLevel alert rewrite:trace6
RedirectMatch permanent ^/activate$ "https://evumail8prd01.ci.northwestern.edu/umail3/netid.php?r=a"
RedirectMatch permanent ^/manage$ "https://evumail8prd01.ci.northwestern.edu/umail3/netid.php?r=m"

<Directory /var/www/html>
Options -Indexes
</Directory>

<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
Options -Indexes
</Directory>

DirectorySlash On

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>

# Qualys
Header always append X-Frame-Options SAMEORIGIN

# Tenable
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

# enable HTTP/2, if available
Protocols h2 http/1.1

# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"

ErrorLog logs/ssl_error_log
#LogLevel debug

CustomLog logs/ssl_agent_log agent
CustomLog logs/ssl_referer_log referer

TransferLog logs/ssl_access_log

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLEngine on
SSLCertificateFile /etc/httpd/certs/evumail8prd01_ci_northwestern_edu_cert.cer
SSLCertificateKeyFile /etc/httpd/certs/evumail8prd01_ci_northwestern_edu.key

</VirtualHost>

<VirtualHost *:80>
ServerName u.northwestern.edu
ServerAlias www.u.northwestern.edu
Redirect / https://mail.google.com/a/u.northwestern.edu/
</VirtualHost>

<VirtualHost *:443>
ServerName u.northwestern.edu
ServerAlias www.u.northwestern.edu
Redirect / https://mail.google.com/a/u.northwestern.edu/
</VirtualHost>



Darryl Baker, GSEC, GCLD (he/him/his)
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
4th Floor
2020 Ridge Avenue
Evanston, IL 60208-0801
darryl.baker@northwestern.edu
(847) 467-6674
Re: RedirectMatch and rewrite rules not working
Step one is to increase the log level to find the source of the 404 errors.

Then, you can use the rewrite log to debug further.

On Wed, Jul 19, 2023 at 5:36 PM Darryl Baker <darryl.baker@northwestern.edu>
wrote:

> Ever have one of those days where after staring at the configuration for
> hours you don’t see what you are doing wrong?
>
> I am having that kind of day. I browse to the URLs
> https://evumail8prd01.ci.northwestern.edu/activate and
> https://evumail8prd01.ci.northwestern.edu/manage and all I get is a 404
> error. Nothing usable in the logs. I know I am missing something simple but
> the issue is escaping me. The configuration is stolen from the existing
> RHEL 6 & Apache 2.2 instance combined with the Mozilla template from
> https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&ocsp=false&guideline=5.7
> now on RHEL 8 & Apache 2.4
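Added example (not part of the original thread): the two steps from the reply, written as a configuration fragment for the `*:443` virtual host in the original post. The `info` and `trace3` levels are illustrative choices, not values taken from the thread.

```apache
# Inside the <VirtualHost *:443> block from the original post.

# As posted. The base level "alert" suppresses every message below alert
# severity from all modules except mod_rewrite, and with both RewriteRule
# lines commented out mod_rewrite has no rules to trace.
#LogLevel alert rewrite:trace6

# Diagnostic setting. The base level "info" lets the core's explanation of
# the 404 (for example "File does not exist: ...") reach the ErrorLog.
# rewrite:trace3 records each RewriteRule pattern test and its result in
# the same file; Apache 2.4 has no separate RewriteLog.
# RedirectMatch belongs to mod_alias, so the rewrite trace never shows it.
LogLevel info rewrite:trace3
ErrorLog logs/ssl_error_log

# Trace output is verbose and records requested URLs, so after reproducing
# the 404 return to a quieter level such as:
#LogLevel warn
```

Reload httpd, request /activate once, and read the new entries in logs/ssl_error_log.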