httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Wegmann <go4un...@gmx.net>
Subject [users@httpd] Security using alias directive in a https vhost
Date Fri, 17 May 2013 06:26:00 GMT
Dear apache2 experts

I run three name-based apache2 vhosts on an Ubuntu 12.04 LTS server.
I can reach all three vhosts from the internet using https and FQDN.
My CA is CACert and I adapted the original default-ssl (in 
sites-available) config file for my three vhosts.

So lets the three name-based vhost call

example.com
foo1.example.com
foo2.example.com

for example. I can reach them from the internet using

https://example.com
https://foo1.example.com
https://foo2.example.com

Now I have added to alias directives in the vhost config file of example.com

Alias /foo1 "/var/www/foo1.example.com/public"
<Directory "/var/www/foo1.example.com/public/">
Options Indexes MultiViews FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
</Directory>

Alias /foo2 "/var/www/foo2.example.com/public"
<Directory "/var/www/foo2.example.com/public/">
Options Indexes MultiViews FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
</Directory>

so I can reach the three vohosts using

https://example.com
https://example.com/foo1
https://example.com/foo2

Now my question is: when I use the alias directives for foo1 and foo2, 
what happens whit the ssl encription in relation to foo1 and foo2? Does 
foo1 and foo2 use the ssl encription from example.com? Or are logins and 
the data excange from and to foo1 and foo2 unencrypted?

Kind regards, Roland

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message