Comment 0 for bug 1748466

Evergreen versions: 2.12.8 and 3.0.3
OpenSRF versions: Irrelevant
PostgreSQL version: Irrelevant
Apache version: 2.4+

If you install the web staff client on a server with Apache 2.4 and attempt to access it as http://host.tld/eg/staff/ you get a 403 Forbidden error rather than being redirected to https.

If you do the same with Apache 2.2 on the host, the redirect works.

Apparently the order of directory evaluation changed from Apache 2.2 to Apache 2.4. It looks like the SSLRequireSSL directive is being evaluated before any Rewrite* rules.

Removing the SSLRequireSSL form the /eg/staff location stanza in eg_vhost.conf.in allows the RewriteRule to take effect on Apache 2.4.

I will submit a branch to correct this in the example config shortly.