httpd-users mailing list archives

From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] DocumentRoot for http and SSL
Date Thu, 08 May 2003 07:36:51 GMT
>-----Original Message-----
>From: kulkarni veena [mailto:veenacsus@yahoo.com]

>
>My question is : is it good to keep the DocumentRoot
>of http files and ssl files separate?

It depends on what you are trying to achieve. Normally, your plain HTTP
site is served on port 80 and your SSL site is on port 443. So that
means you have two port-based VirtualHosts in your config. There is
nothing technically wrong if the two VHs have same DocRoot - but it
means that you can view the same site via HTTP or via HTTPS. Is this
what you want?

Most people use SSL because they have some pages that they want to be
secured - for example, a form that users have to fill in with
confidential information. You usually want to avoid that the user can
fill in this form via plain HTTP and force him to use SSL for his own
protection. Typically, you'd do it like this:

Listen ip:80
<VirtualHost ip:80>
  DocumentRoot /home/html
</VirtualHost>

Listen ip:443
<VirtualHost ip:443>
  DocumentRoot /home/ssl
</VirtualHost>

then:

	http://servername/plain-page.html -> /home/html/plain-page.html

and:

	https://servername/ssl-page.html -> /home/ssl/ssl-page.html

That way you keep the ssl pages out of the plain html webspace so that
you won't have a user accidentally accessing the form under plain HTTP
and thus maybe compromising his confidential data.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.  



>
>i.e say
>for http: /path/to/httpfiles
>for ssl: /path/to/sslfiles
>
>Thanks in advance
>
>-Veena
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
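A check for the layout discussed in this message, as an added example that is not part of the original post or of Apache httpd: it reads httpd configuration text and reports SSL VirtualHosts whose DocumentRoot is the same as, or sits below, the DocumentRoot of a plain-HTTP VirtualHost. The function names, the port-443 heuristic and the constructed sample configs (documentation address 192.0.2.10) are assumptions made for the example.

```python
import posixpath
import re

BLOCK = re.compile(r"<VirtualHost\s+([^>\s]+)[^>]*>(.*?)</VirtualHost>", re.I | re.S)
DOCROOT = re.compile(r'^[ \t]*DocumentRoot\s+"?([^"\s]+)"?', re.I | re.M)
SSL_ON = re.compile(r"^[ \t]*SSLEngine\s+on\b", re.I | re.M)

def parse_vhosts(conf_text):
    """Return one {'addr', 'docroot', 'ssl'} dict per <VirtualHost> block."""
    conf_text = re.sub(r"(?m)^[ \t]*#.*$", "", conf_text)  # drop comment lines
    vhosts = []
    for addr, body in BLOCK.findall(conf_text):
        root = DOCROOT.search(body)
        vhosts.append({
            "addr": addr,
            "docroot": posixpath.normpath(root.group(1)) if root else None,
            # Assumption: port 443 or an explicit "SSLEngine on" marks an SSL vhost.
            "ssl": addr.endswith(":443") or bool(SSL_ON.search(body)),
        })
    return vhosts

def within(child, parent):
    """True if child is parent itself or a directory below it."""
    return child == parent or child.startswith(parent.rstrip("/") + "/")

def exposed_ssl_roots(conf_text):
    """(ssl_addr, ssl_root, plain_addr, plain_root) where plain HTTP also serves the SSL files."""
    vhosts = [v for v in parse_vhosts(conf_text) if v["docroot"]]
    return [(s["addr"], s["docroot"], p["addr"], p["docroot"])
            for s in vhosts if s["ssl"]
            for p in vhosts if not p["ssl"] and within(s["docroot"], p["docroot"])]

# Constructed sample config; only the two DocumentRoot values vary.
def sample(plain_root, ssl_root):
    return f"""
<VirtualHost 192.0.2.10:80>
  DocumentRoot {plain_root}
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  SSLEngine on
  DocumentRoot "{ssl_root}"
</VirtualHost>
"""

if __name__ == "__main__":
    for roots in (("/home/html", "/home/ssl"), ("/home/html", "/home/html"),
                  ("/home/html", "/home/html/secure/")):
        print(roots, "->", exposed_ssl_roots(sample(*roots)) or "separate")
```

An empty result means no plain-HTTP VirtualHost can reach the SSL files through its own DocumentRoot; it does not cover Alias or symlink paths into the SSL directory.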
