httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonesy <>
Subject [users@httpd] Re: Help configure non-SSL webpages on an SSL site?
Date Wed, 16 Sep 2015 03:01:50 GMT
On Tue, 15 Sep 2015 18:12:24 -0400, . wrote:
> I am a novice website admin, running Apache 2.4.7 on a Ubuntu box. I 
> want to be able to serve a subset of my website as http (port 80), even 
> though the overall site is on https (port 443).  I managed to convert it 
> all to https this summer by providing links in 
> /etc/apache2/sites-enabled/ to sites-available/default-ssl.conf and 
> sites-available/http-redirect.conf.  The redirect just permanently 
> redirects everything to use https.
> I tried adding another VirtualHost for port 80, with a DocumentRoot 
> pointed at my "freely-available" subdirectory.  That seemed to work, but 
> the problem is that if somebody just browses to that subdirectory, they 
> get a directory listing that includes a hyperlink to the parent 
> directory.  By clicking on that hyperlink, they can escape into the rest 
> of the website using http instead of https.
> I suspect there's a "proper" way to do this, but I don't know what it 
> is.  Any help, or pointers, would be appreciated.

$ cat index.html

I put that in every sub-directory that I do not ever want folks poking 
around in. /images , /scripts , /includes , /temp ... whatever. 

Additionally, each sensitive directory's ,htaccess could include:
Options -Indexes 

But, Murphy's Law tells us that someday a critical .htaccess will get  

In your httpd.conf you can remove the "Indexes" option from the likes 
Options Includes Indexes FollowSymLinks MultiViews

That'll do it globally.
But, Murphy's Law tells us that someday a the httpd.conf will get

So, I also put 
in every sub-directory that I do not ever want folks poking around in.

Too bad you don't have access to Google in your section of the internet.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message