httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Warron French" <wfre...@xtria.com>
Subject RE: [users@httpd] Securing individual directories (SSL)
Date Tue, 12 Oct 2004 17:53:02 GMT
Barry, I too am not fluent with Apache.  However, I know that you can run 2 Apache daemons
at one time.

Perhaps use httpd with an httpd/httpd.conf for you "unsecure" sites, and use httpsd/httpsd.conf(sp?)
with your httpsd.

Hope this helps.
Warron French


-----Original Message-----
From: Barry (@islandkey.com) [mailto:barry@islandkey.com]
Sent: Tuesday, October 12, 2004 1:24 PM
To: Apache Users
Subject: [users@httpd] Securing individual directories (SSL)


I'm attempting to setup secure https for JUST the documentroot of my
webserver so that the login process is done via https, and once logged in,
it switches back to http.

Currently, I have the entire server running strictly https via rewrite
conditions like the following:

RewriteEngine       on
RewriteCond %{SERVER_PORT}  !^443$
RewriteRule ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]

Here is how my current virtualhost setup is configured:

<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName www.domain.com:443
ServerAdmin admin@domain.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
</VirtualHost>

<VirtualHost *:80 >
ServerAdmin admin@domain.com
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/html
RewriteEngine       on
RewriteCond %{SERVER_PORT}  !^443$
RewriteRule ^/(.*)          https://%{SERVER_NAME}/$1 [NC,R,L]
</VirtualHost>

So, what I'd like to do is setup https for only the var/www/html directory,
and any subdirectories will be http (eg. /var/www/html/products would be
http).

Can anyone give me some tips (or let me know if it's even possible) on what
I'd need to change in order to do this? I'm not terribly fluent with Apache,
but I understand the basics.

Thanks very much for your time,
TH


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message