httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marat Khalili <...@rqc.ru>
Subject Re: [users@httpd] Help configure non-SSL webpages on an SSL site?
Date Wed, 16 Sep 2015 07:04:14 GMT
> The redirect just permanently redirects everything to use https. 
IMO you should fix this part by excluding the subset you want.

> I tried adding another VirtualHost for port 80, with a DocumentRoot 
> pointed at my "freely-available" subdirectory.
Not sure why you need another VirtualHost, but in any case you can 
always configure it to make unnecessary inaccessible. Just check Apache 
access controls for directories.

--

With Best Regards,
Marat Khalili

On 16/09/15 01:12, . wrote:
> Hello,
>
> I am a novice website admin, running Apache 2.4.7 on a Ubuntu box. I 
> want to be able to serve a subset of my website as http (port 80), 
> even though the overall site is on https (port 443).  I managed to 
> convert it all to https this summer by providing links in 
> /etc/apache2/sites-enabled/ to sites-available/default-ssl.conf and 
> sites-available/http-redirect.conf.  The redirect just permanently 
> redirects everything to use https.
>
> I tried adding another VirtualHost for port 80, with a DocumentRoot 
> pointed at my "freely-available" subdirectory.  That seemed to work, 
> but the problem is that if somebody just browses to that subdirectory, 
> they get a directory listing that includes a hyperlink to the parent 
> directory.  By clicking on that hyperlink, they can escape into the 
> rest of the website using http instead of https.
>
> I suspect there's a "proper" way to do this, but I don't know what it 
> is.  Any help, or pointers, would be appreciated.
>
> thanks,
> -Bob Montante
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


Mime
View raw message