httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Renato Oliveira <renato.olive...@grant.co.uk>
Subject RE: [users@httpd] SSL redirect browsers if weak encryption to a warning page
Date Tue, 16 Feb 2010 16:28:07 GMT
Eric,

Thank you for the reply?
I am sorry I don't understand it, sorry. I don't want to protect the directory, I want to
have a redirect of the 403 error to a warning page.

Do you mean for me to remove the
<Directory "/"> directive?

Thank you very much

Best regards

Renato



Renato Oliveira
Systems Administrator
e-mail: renato.oliveira@grant.co.uk

Tel: +44 (0)1763 260811
Fax: +44 (0)1763 262410
http://www.grant.co.uk/

Grant Instruments (Cambridge) Ltd

Company registered in England, registration number 658133

Registered office address:
29 Station Road,
Shepreth,
CAMBS SG8 6GB
UK

-----Original Message-----


From: Eric Covener [mailto:covener@gmail.com]
Sent: 16 February 2010 15:03
To: users@httpd.apache.org
Subject: Re: [users@httpd] SSL redirect browsers if weak encryption to a warning page

n Tue, Feb 16, 2010 at 9:50 AM, Renato Oliveira
<renato.oliveira@grant.co.uk> wrote:
> Dear all,
>
>
>
> I am using Apache Server version: Apache/2.2.3 on Centos 5.4 (Test
> environment)
>
> On Production Redhat 4 Server version: Apache/2.0.52
>
>
>
> I have been looking for a way of:
>
> 1 - Prevent browsers with lower encryption to use my site, which I can do
> with the two directives below
>
> SSLProtocol all -SSLv2
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
>
>
> 2 - Redirect them to a warning page
>
> <Directory "/">
>
>     SSLRequireSSL
>
>     SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >=
> 128) or %{REQUEST_URI} =~ m:^/errors/:
>
>     ErrorDocument 403 /errors/403-ssl.html
>
> </Directory>
>
>
>
> When I use IE5 to access the site I get the following error:
>
>
>
> Forbidden
>
> You don't have permission to access / on this server.
>
>
>
> Additionally, a 403 Forbidden error was encountered while trying to use an
> ErrorDocument to handle the request.

Don't protect the directory with your ErrorDocuments if you know the
SSL connection is already forbidden.

--
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




-----Original Message-----


P Please consider the environment before printing this email
CONFIDENTIALITY: The information in this e-mail and any attachments is confidential. It is
intended only for the named recipients(s). If you are not the named recipient please notify
the sender immediately and do not disclose the contents to another person or take copies.

VIRUSES: The contents of this e-mail or attachment(s) may contain viruses which could damage
your own computer system. Whilst Grant Instruments (Cambridge) Ltd has taken every reasonable
precaution to minimise this risk, we cannot accept liability for any damage which you sustain
as a result of software viruses. You should therefore carry out your own virus checks before
opening the attachment(s).

OpenXML: For information about the OpenXML file format in use within Grant Instruments please
visit our http://www.grant.co.uk/Support/openxml.html


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message