httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carlos Williams <carlosw...@gmail.com>
Subject [users@httpd] How To Secure My Site?
Date Tue, 19 May 2009 23:14:21 GMT
Group,

I need help and I am not Apache / SSL expect so please excuse my
ignorance but can someone please tell me if this is possible w/o some
crazy configuration?
My domain 'iamunix.com' has an SSL (Verisign) certificate. I have it
installed on my web server running Apache. The config looks as
follows:

What I have is an internal & external directory under the document
root (/var/www/html)

When you browse to https://iamunix.com, the virtual host for Apache is
read and points to /var/www/html/int/main. This works great and my
certificate is read perfectly.

Now my challenge is I have a webmail utility (Squirrelmail) that lives
in /var/www/html/ext/main/webmail/. Currently I can access my webmail
via Apache by browsing to http://iamuinix.com/webmail however the site
is not secure. I would like to know if I can use the certificate that
is used when accessing the /var/www/html/int/main as well as for
/var/www/html/ext/main/webmail?

<VirtualHost *:443>
        DocumentRoot /var/www/html/int/main
        ServerName www.iamunix.com:443
        ServerAdmin webmaster@iamunix.com
        ErrorLog /var/log/httpd/www.iamunix.com-int-error_log
        TransferLog /var/log/httpd/www.iamunix.com-int-access_log
        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
        #SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/httpd/conf/ssl/www.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl/www.key
#       SSLCACertificateFile /etc/httpd/conf/ssl.int/intermediate.cr

        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>

        <Directory "/var/www/html/int/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
         <Directory "/var/www/html/int/main">
                AuthName "Intranet"
                AuthType Basic
                AuthUserFile /var/www/html/int/secure/passwd
                require valid-user
        </Directory>


        <IfModule mod_alias.c>
                ScriptAlias /cgi-bin/ "/var/www/html/int/cgi-bin/"

                <Directory "/var/www/html/int/cgi-bin">
                        AllowOverride None
                        Options None
                        Order allow,deny
                        Allow from all
                </Directory>
        </IfModule>
SetEnvIf User-Agent ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
                CustomLog logs/ssl_request_log \
                          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

I also would like to note that when I currently access
https://iamunix.com, I a prompted to login with credentials for
"AuthUserFile /var/www/html/int/secure/passwd". I would not like to
use this method of authentication for https://iamunix.com/webmail as
Squirrelmail uses authentication from the IMAP server.

Thanks for any help!

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message