httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tianyin Xu <>
Subject [users@httpd] SSLRequireSSL doesn't work in <Directory> inside <VirtualHost>?
Date Fri, 06 Jan 2012 23:51:05 GMT
Hi, all,

I have some problem about the directive "SSLRequireSSL".

I setup my SSL for <VirtualHost _default_:443> and it works pretty well.
Then, I want to let Apache deny all the access when SSL is not used for the
HTTP request. In other words, I want to forbid access unless HTTP over SSL
(i.e. HTTPS) is used. According to the manual, I used the directive
"SSLRequireSSL" in the <Directory> block inside the default <VirtualHost>
block. My configuration is as follows:

<VirtualHost _default_:443>

DocumentRoot "/home/tianyin/apache2.2.21-ssl/htdocs"

SSLEngine on

SSLCertificateFile "/home/tianyin/apache2.2.21-ssl/conf/server.crt"
SSLCertificateKeyFile "/home/tianyin/apache2.2.21-ssl/conf/server.key"

<Directory "/home/tianyin/apache2.2.21-ssl/htdocs">


But it seems that "SSLRequireSSL" has no effect at all. I can still access
the "DocumentRoot" using HTTP. But if I put the <Directory> block out of
the <VirtualHost> block to be a separate, independent block (not nested).
It actually works.

Could anyone tell me why?

Many thanks!!

View raw message