httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] force HTTPS on only couple of pages
Date Thu, 13 Feb 2003 16:58:03 GMT
>-----Original Message-----
>From: Know How [mailto:beteachable@hotmail.com]
>
>Hi,
>I have installed Apache 1.3.27 on HP-UX 11.00. I have put the SSL 
>Certificate. We are using tomcat, java1.3. Now i want to have 
>SSL only for 
>http://www.newdomain.com/login/login.jsp
>and
>http://www.newdomain.com/user/userregistration.jsp

HTTPS is a different protocol running on a separate Virtual Host. You
can't really switch it on and off on a file-by-file basis...

However, one way to proceed would be to set up an HTTPS VH which had the
same docroot as your HTTP VH. So then you'd have the possibility of
viewing the site via HTTP or HTTPS. Then, in each VH, you make
RewriteRules which switch you from one to the other. The scheme would
look something like this (using pseudo-code, of course.):

<HTTP VH>
  RewriteRule /login/login.jsp https://www.newdomain.com/login/login.jsp
  RewriteRule /user/userregistration.jsp
http://www.newdomain.com/user/userregistration.jsp
</HTTP VH>

<HTTPS VH>
 RewriteRule (anything but login.jsp)  http://www.newdomain.com/$1
</HTTPS VH>

The rules would be more complicated and you'd need to watch for loops
etc. but you get the idea...

Rgds,
Owen Boyle

>
>How do we force only above pages to have https instead http?
>Also how to come back from an https to http, when we goto 
>another page from 
>there?
>
>If i use https://www.newdomain.com/login/login.jsp, it works fine.
>
>Thanks
>
>
>
>
>
>
>
>_________________________________________________________________
>The new MSN 8: smart spam protection and 2 months FREE*  
>http://join.msn.com/?page=features/junkmail
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message