httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alessandro Fantuzzi <fantu...@o-one.net>
Subject Re: [users@httpd] From https to http and vice versa
Date Tue, 31 Mar 2009 14:19:35 GMT

First of all thanks for your advice.

I will check if we can serve all of the contents both in SSL and non SSL.
I didnt consider that solution, in fact I was concerned about putting 
the conversation between client and server back to http when the user 
requires a page which needs no protection.
After all the most important thing should be to ensure that some pages 
are served only in https and forget about the rest. In fact once the 
client has established a secure connection, the conversation should go 
on that way regardless of the pages requested, with no need to get back 
to http.

Anyway I fear our client will not accept this solution, because it is 
not what they requested.

The ideal solution should be to force the user to visit protected pages 
in https and get back to http for all the rest of the contents.

Is there a way to accomplish this ?

Do the protected pages need to be on a separate path or it is not necessary ?

As regards the number of bits I was referring to 128 bit Verisign 
certificates.

Bye

Brian Mearns wrote:
> On Mon, Mar 30, 2009 at 4:15 PM, Alessandro Fantuzzi <fantuzzi@o-one.net> wrote:
>   
>> We have a site running on Apache and Tomcat
>> LINUX
>> APACHE     2.0.59
>> TOMCAT     5.5.20
>> JVM    1.5
>>
>> We have to put some pages under SSL, just some, say:
>>
>> https://www.site.com/public/subscribe.jsp
>> https://www.site.com/public/unsubscribe.jsp
>>
>> We will install the 128 bit certificate under Apache Http server.
>> Path /public contains other pages but we want to put under SSL just the ones
>> mentioned before. Is this possible ?
>>
>> Should we create two Vitrual hosts, one for port 80 and one for 443 ?
>>
>> How do we force the user using the correct port, should we create rewrite
>> rules from one Virtual Host to the other ?
>>
>> Thanks in advance
>>     
> [clip]
>
> If you want to serve both SSL and non-SSL, then yes, you need two
> different hosts listening on the two ports as you mentioned. This
> alone is not enough, of course, just telling apache to listen on 443
> does not set up an SSL server, but it is necessary for what you want.
>
> Are you actually adverse to serving other content on SSL? In other
> words, if most pages are available on both SSL and non-SSL, is that
> okay? If that's the case, you can just serve the same content from
> both virtual hosts, but add some RequireSSL directives in a
> <FileMatch>, <Location>, or similar tag for the "secure" pages so that
> they are only accessible via HTTPS. Creating HTML links to https://...
> will suffice for getting the user there.
>
> On a related note, it seems to me that 128 bits is not a remotely
> secure key. I can't say for sure, but as I recall, anything under 1024
> bits is considered trivial, 2048 or 4096 is better.
>
> Hope that helps.
> -Brian
>
>   


-- 

Alessandro Fantuzzi - O-one s.r.l.
E-mail: fantuzzi@o-one.net <mailto:fantuzzi@o-one.net>
Software developer

www.o-one.net <http://www.o-one.net>

-------------------------------------------------------------------
Via Dante Zanichelli, 61 - 42100 Reggio Emilia
Tel. 0522 930078 - Fax. 0522 387947
-------------------------------------------------------------------
Via Stendhal, 36 - 20144 Milano
Tel 02.42292057 - Fax 02.47770936
-------------------------------------------------------------------

STRICTLY PERSONAL AND CONFIDENTIAL This message may contain confidential 
and proprietary material for the sole use of the intended recipient. Any 
review or distribution by others is strictly prohibited. If you are not 
the intended recipient please contact the sender and delete all copies. 
The contents of this message that do not relate to the official business 
of our company shall be understood as neither given nor endorsed by it.
-------------------------------------------------------------------

Mime
View raw message