To: users@httpd.apache.org
From: "."
Message-ID: <55F897C8.3010108@gmail.com>
Date: Tue, 15 Sep 2015 18:12:24 -0400
Subject: [users@httpd] Help configure non-SSL webpages on an SSL site?

Hello,

I am a novice website admin, running Apache 2.4.7 on an Ubuntu box. I want to be able to serve a subset of my website as http (port 80), even though the overall site is on https (port 443).

I managed to convert it all to https this summer by providing links in /etc/apache2/sites-enabled/ to sites-available/default-ssl.conf and sites-available/http-redirect.conf. The redirect just permanently redirects everything to use https.

I tried adding another VirtualHost for port 80, with a DocumentRoot pointed at my "freely-available" subdirectory. That seemed to work, but the problem is that if somebody just browses to that subdirectory, they get a directory listing that includes a hyperlink to the parent directory. By clicking on that hyperlink, they can escape into the rest of the website using http instead of https.

I suspect there's a "proper" way to do this, but I don't know what it is. Any help, or pointers, would be appreciated.

thanks,
-Bob Montante
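
One way to configure the setup described in the message above, as an added example that is not part of the original post: a single port-80 virtual host that serves only the "freely-available" path, turns off directory listings there, and permanently redirects every other path to HTTPS. The host name www.example.org and the path /var/www/html are assumptions; substitute the site's real values.

```apache
# Added example. Assumed names: www.example.org, /var/www/html.
# This replaces both the catch-all http-redirect vhost and the extra
# port-80 vhost, so only one vhost answers on port 80.
<VirtualHost *:80>
    ServerName www.example.org

    # Same document root as the HTTPS site, so URLs are identical on both ports.
    DocumentRoot /var/www/html

    # Deny everything under the document root on port 80 by default.
    <Directory /var/www/html>
        Options -Indexes
        Require all denied
    </Directory>

    # The only subtree that may be served over plain HTTP.
    # -Indexes disables the generated listing and its "Parent Directory" link.
    <Directory /var/www/html/freely-available>
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>

    # Redirect every path that is not /freely-available or below it.
    # The negative lookahead leaves /freely-available/... unmatched, while a
    # sibling such as /freely-available-old is still redirected.
    RedirectMatch permanent "^/(?!freely-available(?:/|$))(.*)$" "https://www.example.org/$1"
</VirtualHost>
```

Run `apachectl configtest` before reloading. If the HTTPS site sends a Strict-Transport-Security header, browsers that have already visited it will upgrade requests for the plain-HTTP subtree to HTTPS on their own.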