Return-Path: 
 <users-return-210-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 17153 invoked by uid 500); 4 Dec 2001 15:49:00 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 17140 invoked from network); 4 Dec 2001 15:48:59 -0000
Received: from bull.bourse.ch (HELO bull1.bourse.ch) (194.158.1.1)
  by daedalus.apache.org with SMTP; 4 Dec 2001 15:48:59 -0000
Received: (from nobody@localhost)
	by bull1.bourse.ch (8.8.8+Sun/8.8.8) id QAA02712
	for <users@httpd.apache.org>; Tue, 4 Dec 2001 16:48:59 +0100 (MET)
X-Authentication-Warning: bull1.bourse.ch: nobody set sender to
 <obo@bourse.ch> using -f
Received: from trifid2(172.20.196.132) by bull1 via smap (V2.1)
	id xma002626; Tue, 4 Dec 01 16:48:50 +0100
Received: from regulus.bourse.ch (regulus [172.20.196.148])
	by trifid2.bourse.ch (8.8.8+Sun/8.8.8) with ESMTP id QAA04909
	for <users@httpd.apache.org>; Tue, 4 Dec 2001 16:48:49 +0100 (MET)
Received: from bourse.ch (localhost [127.0.0.1])
	by regulus.bourse.ch (8.9.3+Sun/8.9.3) with ESMTP id QAA28951
	for <users@httpd.apache.org>; Tue, 4 Dec 2001 16:48:49 +0100 (MET)
Sender: obo@bourse.ch
Message-ID: <3C0CF061.9050F15A@bourse.ch>
Date: Tue, 04 Dec 2001 16:48:49 +0100
From: Owen Boyle <obo@bourse.ch>
X-Mailer: Mozilla 4.76 [en] (X11; U; SunOS 5.8 sun4u)
X-Accept-Language: en
MIME-Version: 1.0
To: users@httpd.apache.org
Subject: Re: ErrorDocument for SSLRequire ?
References: <FDEELLGDBBIIHILLDMOLEEBNCNAA.chrisg@tradek.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

Christopher Griesel wrote:
> 
> Hi, we have an mod_ssl secured site, it works great.
> I've now enabled the SSLRequire directive, but when someone connects via
> non-https, how Do I serve an customised error document?
> I've tried ErrorDocument inside the <directory> tags which have SSRequire
> and inside <virtualhost>
> Also the logfile doesn't report a error number.

Depending on your overall config, there are a couple of ways to do this.
Be careful though, you imply that there is access to an SSL area via
plain HTTP - therefore your SSL area is a sub-directory of a plain HTTP
DocumentRoot. This works but I would find a site like this difficult and
risky to maintain.

If you simply must do it like this, in the plain HTTP section (which
must encapsulate your SSL directory) put a Redirect or a RedirectMatch
to your warning page, e.g.

<Directory /home/site/html/ssl-stuff>
  RedirectMatch (.*) http://your-server/warning-page.html
</Directory>

Otherwise, you might consider re-arranging your site to separate the SSL
and non-SSL content as you would for different VirtualHosts so you have
two parallel, non-nested docroots, e.g. /home/site/html and
/home/site/ssl. Then there is no crossover and no need for error docs
since there is no path to the SSL site via HTTP. Note that SSL sites are
supposed to be reached via a live link from a plain HTTP page so there
should be no way someone should use http to connect (any more than they
should try to connect via FTP).

rgds,

Owen Boyle

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org