httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romeo Theriault <romeotheria...@gmail.com>
Subject [users@httpd] How to SSL protect certain directories
Date Fri, 14 Apr 2006 13:44:48 GMT
I have an apache website that I need some directories protected by  
ssl. So I got the certificate etc... Now I have two virtual hosts,  
one that is the unsecure and one that is the secure. There are only a  
few directories that I need secured by ssl.

for example:
http://www.some.domain.name.com/distance/register/
http://www.some.domain.name.com/registrar/request/

So to get those directories secured I put this mod_rewrite code into  
the unsecure httpd.conf file.


<Directory /var/www/www/distance >
                         RewriteEngine On
                         RewriteBase /
                         RewriteCond %{REQUEST_FILENAME} -f [OR]
                         RewriteCond %{REQUEST_FILENAME} -d
                         RewriteRule ^register/(.*) https:// 
www.some.domain.com/distance/register/$1 [C]
         </Directory>

         <Directory /var/www/www/registrar >
                         RewriteEngine On
                         RewriteBase /
                         RewriteCond %{REQUEST_FILENAME} -f [OR]
                         RewriteCond %{REQUEST_FILENAME} -d
                         RewriteRule ^request/(.*) https:// 
www.some.domain.com/registrar/request/$1 [C]
      </Directory>


This works great.

The problem is that once people have viewed those pages that are in  
those secure directories the rest of the pages they view on the site  
are on the secure site. I would like to have a rewriterule in the  
secure virtual host to check if they are not in one of those  
directories and redirect them back to the unsecure site.

I've been banging my head trying to get this and I can't figure it  
out. (I'm new to regular expressions and mod_rewrite). I keep getting  
redirected back and forth until the browser tells me "Too many  
redirects." or some such error.

Here's what I have so far for the secure virtual host, but again, it  
doesn't seem to work.

RewriteEngine On
RewriteRule !^register(.*) - [C]
RewriteRule ^/(.*) http://www.some.domain.com/$1 [L]
RewriteRule !^registrar/request/(.*) - [C]
RewriteRule ^/(.*) http://www.some.domain.com/$1 [L]


Could someone tell me what I'm doing wrong?

Do I need to put the secure rewrite rules in a <Directory> structure.

Thank you.
Mime
View raw message