httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stephen.jack...@colinx.com
Subject Re: [users@httpd] redirecting or rewriting urls of aliased directories to SSL port
Date Tue, 27 Aug 2002 15:14:22 GMT

Well that was easy! Thanks!

Stephen



                                                                                         
                                                           
                      Dirk-Willem van                                                    
                                                           
                      Gulik                    To:       users@httpd.apache.org          
                                                           
                      <dirkx@webweaving        cc:                                    
                                                              
                      .org>                    Subject:  Re: [users@httpd] redirecting
or rewriting urls of aliased directories to SSL port          
                                                                                         
                                                           
                      08/27/2002 10:24                                                   
                                                           
                      AM                                                                 
                                                           
                      Please respond to                                                  
                                                           
                      users                                                              
                                                           
                                                                                         
                                                           
                                                                                         
                                                           




On Tue, 27 Aug 2002 stephen.jackson@colinx.com wrote:

> What's the best way to redirect or rewrite nonsecure requests to aliased
> directories so that they go to the SSL port? Doing this:
>
> Redirect /  https://mysystem
>
> only works for the DocumentRoot, not the Aliased directories. Those just
> fail. Thanks.

I usually do

             <VirtualHost xxxx:443>
                     Servername intranet....
                     ServerAlias ...
                         ...
                         SSLEngine On
                         ...
             </VirtualHost>

             <VirtualHost xxxx:80>
                     Servername intranet....
                     ServerAlias ...

                   Documentroot    /usr/.../intranet/
                     TransferLog     ...

                   # Redirect *everything* to SSL.
                     RewriteEngine on
                     RewriteRule     ^(.*)
https://intranet.asemantics.com$1 [R=301]
             </VirtualHost>

And then - just to be paranoid; enforce the SSL explicit on each
directory which needs a login plaintext over SSL.

             <Directory /usr..../intranet>
                         ....
                     # Make rather sure we are using TLS before we start
                     # messing with passwords and all that.
                     #
                     RewriteEngine On
                     RewriteCond %{HTTPS} != on
                     RewriteRule (.*) https://intranet....com/ [R]

                   # Ask password
                         #
                     AuthType Basic
                     AuthUserFile ...
                   AuthName ...
                     require valid-user
             </Directory>

This is also easily combined with Digest Auth; i.e. insist on either
BasicAUth+SSL or Digest on either.

Dw.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org







---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message