From: "Bryan Richardson"
To: users@httpd.apache.org
Date: Sun, 16 Dec 2007 10:17:08 -0700
Subject: [users@httpd] Question about Apache SSL and Rewrites

Hello all,

I've set up a Trac site on my server, and I'm trying to configure it such that when a user attempts to log in, SSL is used. I *think* I've configured my rewrites correctly (see below), but after the login occurs the site is still using SSL. I only want to use SSL for the actual act of logging in, and nothing else. Can anyone help me with this? See my site configuration files below for what I have so far. Thanks!

P.S. Can anyone tell me what SSLRequireSSL does and if it's actually necessary?

#### Apache2 default site config file ####

<VirtualHost 127.0.0.1:80>
    ServerAdmin webmaster@localhost
   
    DocumentRoot /home/foo/public_html/

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /home/foo/public_html/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all

        RewriteEngine On
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule trac/[^/]+/login$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
    </Directory>

    <Location /trac>
        SetHandler mod_python
        PythonHandler trac.web.modpython_frontend
        PythonOption TracEnvParentDir /home/foo/public_html/trac/
        PythonOption TracUriRoot /trac
    </Location>

    <Location /svn>
        DAV svn
        SVNParentPath /home/foo/svn/
        AuthType Basic
        AuthName "Subversion Repository"
        AuthUserFile /home/foo/.passwd
        AuthzSVNAccessFile /home/foo/.authz
        Require valid-user
    </Location>
</VirtualHost>

<VirtualHost 127.0.0.1:443>
    DocumentRoot /home/foo/public_html/

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/selfsigned.pem
    SSLCertificateKeyFile /etc/apache2/ssl/selfsigned.pem

    <Location /trac>
        # SSLRequireSSL takes no argument
        SSLRequireSSL
    </Location>

    <Directory /trac>
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Location /trac>
        SetHandler mod_python
        PythonHandler trac.web.modpython_frontend
        PythonOption TracEnvParentDir /home/foo/public_html/trac/
        PythonOption TracUriRoot /trac
    </Location>

    <LocationMatch "/trac/[^/]+/login">
        AuthType Basic
        AuthName "Trac"
        AuthUserFile /home/foo/.passwd
        Require valid-user
    </LocationMatch>

</VirtualHost>
