httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] http and https together in a virtualhost
Date Wed, 04 Jun 2003 07:29:20 GMT
>-----Original Message-----
>From: andrea.lanza@frameweb.it [mailto:andrea.lanza@frameweb.it]
>
>I have a configuration file httpd.conf with multiple virtualhosts
>
>Each of them works with a different name (Name-based VirtualHost)
>I added SSL and evrything work well, but I have to specify twice the
>directive per each VirtualHost

The HTTPS protocol doesn't support name-based VHs so your
"NameVirtualHost *:443" directive won't work (it won't do what you think
it does). If you want to have SSL, you must define it in a separate
port-based VH (hence the use of port 443).

Do you want to have the same site available via HTTP or HTTPS?

First, have you really thought about this? This means that a user can
retrieve pages and send form data either "en clair" or encrypted. Why
would you want this? The point of SSL is to protect sensitive data
during transmission over the public internet. If you allow the user to
choose whether to use SSL or not, you have no control over it. Put it
another way, if a user accidentally sends you his credit card details
via the plain HTTP site and the card number is intercepted and misused,
who do you think the user will accuse? Your scheme is like having two
doors into your house - one with a big lock and one with no locks at
all.

Anyway, assuming that you have a compelling reason for doing this, one
way would be to define the site as HTTP and then proxy the HTTPS version
to it (or vice versa), e.g.

<VirtualHost *:80>
  DocRoot ...
  ServerName www.yoursite.com
  etc.
</VirtualHost>

<VirtualHost *:443>
  SSLEngine on
  SSLDirectivesHere...

  ProxyPass / http://www.yoursite.com/
  ProxyPassReverse / http://www.yoursite.com/
</VirtualHost>

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

>
>..........
>SSLMUTEX sem
>SSLRandomSeed startup builtin
>SSLSessionCache none
>Listen 443
>NameVirtualHost *:80
>NameVirtualHost *:443
># www.mydomain.my
><VirtualHost *:80>
>    ServerName www.mydomain.my
>    DocumentRoot "/usr/local/apache2/htdocs"
></VirtualHost>
><VirtualHost *:443>
>    ServerName www.mydomain.my
>    DocumentRoot "/usr/local/apache2/htdocs"
>    SSLEngine On
>    SSLCertificateFile conf/ssl/my-server.cert
>    SSLCertificateKeyFile conf/ssl/my-server.key
></VirtualHost>
>........
>
>I tried to specify <VirtualHost *:*>, and it seems to work, 
>but my problem
>is SSLEngine, than cannot be on and off in the same virtualhost !
>
>which is the right way ? (everything work now, but if I modify 
>a virtual
>host I should remember modify the corresponding one....
>
>thanks in advance
>
>andrea
>
>
>
>
>
>
>---
> This e-mail may contain confidential and/or privileged 
>information. If you
>are not the intended recipient (or have received this e-mail in error)
>please notify the sender immediately and destroy this e-mail. Any
>unauthorized copying, disclosure or distribution of the 
>material in this
>e-mail is strictly forbidden.
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange.
This e-mail is of a private and personal nature. It is not related to
the exchange or business activities of the SWX Swiss Exchange. Le
présent e-mail est un message privé et personnel, sans rapport avec
l'activité boursière de la SWX Swiss Exchange.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message