httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralf Schneider <r...@tapfere-schneiderleins.de>
Subject [users@httpd] Apache 2.0.48 and SSL
Date Sat, 07 Feb 2004 16:02:29 GMT
Hi,

I try to setup an Apache 2.0.48 with a connection to Tomcat 5.0.16 via mod_jk2 
2.0.2. The static pages should be accessed via normal HTTP whereas the 
dynamic pages of my webapp should only be accessible via HTTPS for security.

I installed a certificate in /usr/local/apache2/conf/ssl and set up a 
virtual host for the SSL pages in ssl.conf:

<VirtualHost _default_:443>
DocumentRoot "/usr/local/tomcat/webapps/demo_02"
ServerName www.development.home:443
ServerAdmin ralf@tapfere-schneiderleins.de
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log

Alias /demo_02 /usr/local/tomcat/webapps/demo_02

<Location "/demo_02/*">
    SSLRequireSSL
    Order Allow,Deny
    Allow from All
</Location>

<Location "/demo_02/WEB-INF/*">
    AllowOverride None
    deny from all
</Location>

<Location "/demo_02/META-INF/*">
    AllowOverride None
    deny from all
</Location>

SSLEngine on
SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

Unfortunately, I can access the web application with both HTTP and HTTPS, but 
it should be only accessible via HTTPS. So far, I tried to set SSLRequireSSL 
in the location above as well as a Redirect statement in httpd.conf:

Redirect permanent /demo_02/ https://localhost/demo_02

How can this be done?

Ralf.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message