httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dick Davies <rasput...@hellooperator.net>
Subject Re: [users@httpd] Securing individual directories (SSL)
Date Tue, 12 Oct 2004 20:27:38 GMT
* Barry (@islandkey.com) <barry@islandkey.com> [1026 18:26]:
> I'm attempting to setup secure https for JUST the documentroot of my
> webserver so that the login process is done via https, and once logged in,
> it switches back to http.
> 
> Currently, I have the entire server running strictly https via rewrite
> conditions like the following:
> 
> RewriteEngine       on
> RewriteCond %{SERVER_PORT}  !^443$
> RewriteRule ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]
> 
> Here is how my current virtualhost setup is configured:
> 
> <VirtualHost _default_:443>
> DocumentRoot "/var/www/html"
> ServerName www.domain.com:443
> ServerAdmin admin@domain.com
> ErrorLog logs/ssl_error_log
> TransferLog logs/ssl_access_log
> SSLEngine on
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
> SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
> </VirtualHost>
> 
> <VirtualHost *:80 >
> ServerAdmin admin@domain.com
> ServerName www.domain.com
> ServerAlias domain.com
> DocumentRoot /var/www/html
> RewriteEngine       on
> RewriteCond %{SERVER_PORT}  !^443$
> RewriteRule ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]
> </VirtualHost>
> 
> So, what I'd like to do is setup https for only the var/www/html directory,
> and any subdirectories will be http (eg. /var/www/html/products would be
> http).

Can you just check incoming URLs on the  SSL host and redirect to the non-ssl
server if they include a directory component?

Then do a check on the http host that if they *don't* have a directory
component, send them to the ssl vhost..

-- 
This must be Thursday. I never could get the hang of Thursdays. - Arthur Dent
Rasputin :: Jack of All Trades - Master of Nuns

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message