httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Axelsen" <li...@frozenpc.net>
Subject Re: [users@httpd] SSL on Virtual Hosts
Date Wed, 29 Oct 2003 21:59:26 GMT
I the added a _Default_ ssl vh before my desired vh.  The problem now is
that it never gets past the _Default_ host.  All ssl sites go there, so it
never gets to loading my desired one.

I added this:

## SSL Virtual Host Context
##
NameVirtualHost *:443

<VirtualHost _default_:443>
DocumentRoot "/path/to/doc/root/"

ErrorLog logs/ssl_error_log
CustomLog logs/ssl_access_log combined

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>


> Aaron Axelsen wrote:
>>
>> Maybe I should explain the enviroment a little more.  It is ok if it
>> creates a certificate error.  We are only using a self signed
>> certificate
>> for the time being.  Our main concern is that we only want ssl active on
>> a
>> specific virual host.  No matter what i do, we can still access the
>> server
>> via ssl on an configured VH.
>>
>> I only want vh.myserver.com to have ssl access.
>>
>> This is the ssl vh declarition i am trying:
>>
>> NameVirtualHost *:443
>> <VirtualHost *:443>
>> ...
>> </VirtualHost>
>
> The problem with this is that unless there are other vhosts that match
> *:443, then this vhost is also the "default", as it's the first (and
> only) matching vhost when Apache handles a https connection.  Recall
> that if no vhost containers match on the ServerName, then Apache picks
> the default/first one to apply to the request.  Try adding anoter vhost
> container along the lines of <VirtualHost _default_:443>.  Inside this
> container, put whatever you want the user to see if they try to access
> your server using https with anything but the desired vhost.  I.e. a
> DocumentRoot that points to an "error, go away" page, or a mod_rewrite
> rule, etc.
>
> Brian
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


--
Aaron Axelsen
aim: aaak2
email: axelseaa@amadmax.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message