httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dimitri Yioulos <dyiou...@firstbhph.com>
Subject Re: [users@httpd] SSL and directories
Date Fri, 07 Oct 2005 12:21:32 GMT
Thanks so much for the reply.  I guess I didn't understand the SSLRequireSSL 
directive; it's an enforcement directive then.  I mistook it for a redirector 
(don't ask how I arrived at that conclusion :-(doh)  ).

May I press on?  As I previously mentioned, I installed a web mail program on 
my mail server, and through its conf file, ahve it SSL-enabled.  Users reach 
that program by being redirected by our web server (using the directive 
"redirect /webmailprog https://mailserver.mydomain.com/webmailprog", and it 
works great.  Now, however, if I add a similar redirector on the mail server 
to try and see that http://mailserver/program goes to 
https://mailserver/program, I get a complaint that there are too many 
redirectors for this http server.  Point of story - how can I make sure that 
http:// goes to https://?

For that matter, how can I set up so that any particular directory is 
SSL-enabled and http:// is redirected to https://?

I appreciate your help.

Dimitri


On Friday October 07 2005 2:34 am, Axel-St├ęphane  SMORGRAV wrote:
> I guess the problem is that you made a request over a non-SSL connection,
> and the error you get is exactly what SSLRequireSSL is supposed to do when
> the resource is accessed over a non-SSL connection.
>
> Make sure that your request is submitted using the HTTPS scheme, i.e.
> https://myserver/mailscanner (or similar). Also make sure that all the
> requests for embedded documents are also made using HTTPS. Some of the
> documents that you receive may well contain links using the HTTP scheme
> rather than HTTPS.
>
> A good tool for tracking such issues is HTTPWatch for IE, or
> LiveHTTPheaders for FireFox.
>
> -ascs
>
> -----Original Message-----
> From: Dimitri Yioulos [mailto:dyioulos@firstbhph.com]
> Sent: Thursday, October 06, 2005 9:28 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] SSL and directories
>
> Hello to all.
>
> I'm pretty new to apache and ssl.  I have httpd-2.0.46-46.3.ent.centos.1
> and mod_ssl-2.0.46-46.3.ent.centos.1 installed on a CentOS 3.3 box.  I have
> an SSL cert installed, and SSLCertificateFile and SSLCertificateKey
> locations specified correctly in ssl.conf.  I have a web mail app which I'm
> now able to access via SSL (but I did the SSL config in the app itself), so
> I'm pretty confident the basic SSL setup is correct.
>
> I want to access another web-based program (Mailwatch for MailScanner, no
> SSL config directives in the program) via SSL.  According to everything I
> read, I should add the directive:
>
> <Directory /var/www/html/mailscanner>
>      SSLRequireSSL
> </Directory>
>
> to my httpd.conf file.  When I do this, and restart httpd, I get a 403
> error. The httpd error log reads "access to var/www/html/mailscanner/
> failed, reason: SSL connection required".
>
> This is driving me crazy.  Would someone be kind enough to point out my
> faux-pas?
>
> Many thanks.
>
> Dimitri
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message