Mobile client redirect over SSL

[hkphooey]

I managed to set up the SSL redirect for /webmail/ and /sac/ using the recommended addition at the bottom of my http.conf file (I'm running Centos, so no ssl.conf)

Code: Select all

<VirtualHost *:80>
  <LocationMatch "^/sac/*">
    RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
  <LocationMatch "^/webmail/*">
    RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
</VirtualHost>


I figured I could so something similar for the mobile access by adding a further couple of lines in the conf.

Code: Select all

  <LocationMatch "^/m/*">
    RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>


I made the edit, and restarted apache, but this doesn't seem to be effective. What am I missing? Both URLs -- http://mail.xxxx.com/m/ and https://mail.xxxx.com/m/ -- work, but traffic isn't redirected from http to https.

Its not a deal breaker, but I like things to work ...

[kevlarmcc]

I am running Scalix on Centos and needed to add the virtual host values to the following files

/etc/opt/scalix-tomcat/connector/ajp/instance-XXX.conf
/etc/opt/scalix-tomcat/connector/jk/instance-XXX.conf

Perhaps the mobile redirect needs to be there too. This is just a guess as I have not configured the mobile client myself.

[gino909]

in my installation 11.4 i had problems with /sac and /m
they don't work with ssl because /res and /api are using urls with http instead https
so the solution is to declare that http is allowd for this functions

I've added this lines at the buttom of my virtual host directive in the non ssl defintion file (/etc/apache2/sites-enabled/000-default)

Include /etc/opt/scalix-tomcat/connector/ajp/app-mailserver.res.conf
Include /etc/opt/scalix-tomcat/connector/ajp/app-mailserver.api.conf

My question now is, is this the right way?? Whats about security, especially on the mobile client, is not the api checking the user credentials?? Is this then submitted unencrypted??

Maybe i will do some tests in the next days with a network sniffer and analyse the datastream...

Best Regards, Walter