httpd-users mailing list archives

From Renato Oliveira <renato.olive...@grant.co.uk>
Subject [users@httpd] SSL redirect browsers if weak encryption to a warning page
Date Tue, 16 Feb 2010 14:50:09 GMT
Dear all,

I am using Apache Server version: Apache/2.2.3 on CentOS 5.4 (Test environment)
On Production Redhat 4 Server version: Apache/2.0.52

I have been looking for a way of:
1 - Prevent browsers with lower encryption from using my site, which I can do with the two directives below
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

2 - Redirect them to a warning page

<Directory "/">

    SSLRequireSSL

    SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >= 128) or %{REQUEST_URI} =~ m:^/errors/:

    ErrorDocument 403 /errors/403-ssl.html

</Directory>

When I use IE5 to access the site I get the following error:

Forbidden
You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to
handle the request.


--------------------------------------------------------------------------------

Apache/2.2.3 (CentOS) Server at secure01.grant.co.uk Port 443

Below is my Virtual Host:
NameVirtualHost 192.168.8.40:443
<VirtualHost 192.168.8.40:443>
        Serveradmin renato.oliveira@grant.co.uk
        DocumentRoot "/var/www/secure"
        ServerName secure01.granted.co.uk
        ErrorLog logs/secure01-error_log
        CustomLog logs/secure01.granted.co.uk-access_log common
        SSLEngine on

    <Directory "/">
        SSLRequireSSL
        SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >= 128) or %{REQUEST_URI} =~ m:^/errors/:
        ErrorDocument 403 "Your Browser Does not support 128 Bit Encryption"
    </Directory>


       SSLProtocol all -SSLv2
       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

       SSLCertificateFile /etc/httpd/conf/certs/server.crt
       SSLCertificateKeyFile /etc/httpd/conf/certs/server.key
</VirtualHost>

If anyone could help me, point me in the right direction, or give me a clue, it would be very much appreciated.
I have searched loads before posting this question here.

Thank you very much in advance

Renato

Renato Oliveira
Systems Administrator
e-mail: renato.oliveira@grant.co.uk

Tel: +44 (0)1763 260811
Fax: +44 (0)1763 262410
http://www.grant.co.uk/

Grant Instruments (Cambridge) Ltd

Company registered in England, registration number 658133

Registered office address:
29 Station Road,
Shepreth,
CAMBS SG8 6GB
UK