httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralf Schneider <>
Subject [users@httpd] Apache 2.0.48 and SSL
Date Sat, 07 Feb 2004 16:02:29 GMT

I try to setup an Apache 2.0.48 with a connection to Tomcat 5.0.16 via mod_jk2 
2.0.2. The static pages should be accessed via normal HTTP whereas the 
dynamic pages of my webapp should only be accessible via HTTPS for security.

I installed a certificate in /usr/local/apache2/conf/ssl and set up a 
virtual host for the SSL pages in ssl.conf:

<VirtualHost _default_:443>
DocumentRoot "/usr/local/tomcat/webapps/demo_02"
ServerName www.development.home:443
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log

Alias /demo_02 /usr/local/tomcat/webapps/demo_02

<Location "/demo_02/*">
    Order Allow,Deny
    Allow from All

<Location "/demo_02/WEB-INF/*">
    AllowOverride None
    deny from all

<Location "/demo_02/META-INF/*">
    AllowOverride None
    deny from all

SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/ssl/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


Unfortunately, I can access the web application with both HTTP and HTTPS, but 
it should be only accessible via HTTPS. So far, I tried to set SSLRequireSSL 
in the location above as well as a Redirect statement in httpd.conf:

Redirect permanent /demo_02/ https://localhost/demo_02

How can this be done?


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message