httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: [users@httpd] redirecting or rewriting urls of aliased directories to SSL port
Date Tue, 27 Aug 2002 14:24:32 GMT
On Tue, 27 Aug 2002 stephen.jackson@colinx.com wrote:

> What's the best way to redirect or rewrite nonsecure requests to aliased
> directories so that they go to the SSL port? Doing this:
>
> Redirect /  https://mysystem
>
> only works for the DocumentRoot, not the Aliased directories. Those just
> fail. Thanks.

I usually do

	<VirtualHost xxxx:443>
	        Servername intranet....
	        ServerAlias ...
		...
		SSLEngine On
		...
	</VirtualHost>

	<VirtualHost xxxx:80>
	        Servername intranet....
	        ServerAlias ...

        	Documentroot    /usr/.../intranet/
	        TransferLog     ...

        	# Redirect *everything* to SSL.
	        RewriteEngine on
	        RewriteRule     ^(.*)   https://intranet.asemantics.com$1 [R=301]
	</VirtualHost>

And then - just to be paranoid; enforce the SSL explicit on each
directory which needs a login plaintext over SSL.

	<Directory /usr..../intranet>
		....
	        # Make rather sure we are using TLS before we start
	        # messing with passwords and all that.
	        #
	        RewriteEngine On
	        RewriteCond %{HTTPS} != on
	        RewriteRule (.*) https://intranet....com/ [R]

        	# Ask password
		#
	        AuthType Basic
	        AuthUserFile ...
        	AuthName ...
	        require valid-user
	</Directory>

This is also easily combined with Digest Auth; i.e. insist on either
BasicAUth+SSL or Digest on either.

Dw.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message