Return-Path: 
 <users-return-37807-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 36381 invoked from network); 7 Feb 2004 16:02:58 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 7 Feb 2004 16:02:58 -0000
Received: (qmail 67018 invoked by uid 500); 7 Feb 2004 16:02:31 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 66862 invoked by uid 500); 7 Feb 2004 16:02:30 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 66829 invoked from network); 7 Feb 2004 16:02:30 -0000
Received: from unknown (HELO natsmtp00.webmailer.de) (81.169.145.165)
  by daedalus.apache.org with SMTP; 7 Feb 2004 16:02:30 -0000
Received: from majestix.home.local (p50888EE5.dip0.t-ipconnect.de
 [80.136.142.229])
	by post.webmailer.de (8.12.10/8.12.10) with ESMTP id i17G2UYv016236
	for <users@httpd.apache.org>; Sat, 7 Feb 2004 17:02:31 +0100 (MET)
From: Ralf Schneider <ralf@tapfere-schneiderleins.de>
Reply-To: ralf@tapfere-schneiderleins.de
To: users@httpd.apache.org
Date: Sat, 7 Feb 2004 17:02:29 +0100
User-Agent: KMail/1.5.3
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200402071702.29554.ralf@tapfere-schneiderleins.de>
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Subject: [users@httpd] Apache 2.0.48 and SSL
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

Hi,

I try to setup an Apache 2.0.48 with a connection to Tomcat 5.0.16 via mod_jk2 
2.0.2. The static pages should be accessed via normal HTTP whereas the 
dynamic pages of my webapp should only be accessible via HTTPS for security.

I installed a certificate in /usr/local/apache2/conf/ssl and set up a 
virtual host for the SSL pages in ssl.conf:

<VirtualHost _default_:443>
DocumentRoot "/usr/local/tomcat/webapps/demo_02"
ServerName www.development.home:443
ServerAdmin ralf@tapfere-schneiderleins.de
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log

Alias /demo_02 /usr/local/tomcat/webapps/demo_02

<Location "/demo_02/*">
    SSLRequireSSL
    Order Allow,Deny
    Allow from All
</Location>

<Location "/demo_02/WEB-INF/*">
    AllowOverride None
    deny from all
</Location>

<Location "/demo_02/META-INF/*">
    AllowOverride None
    deny from all
</Location>

SSLEngine on
SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

Unfortunately, I can access the web application with both HTTP and HTTPS, but 
it should be only accessible via HTTPS. So far, I tried to set SSLRequireSSL 
in the location above as well as a Redirect statement in httpd.conf:

Redirect permanent /demo_02/ https://localhost/demo_02

How can this be done?

Ralf.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org