> I'm somewhat confused about the configuration of apache and apache-ssl. > I noticed that by default they both share the same document root, > server root, and run under the same system user. I read about the > different methods of authentication on the apache site, as well as > .htaccess files, but didn't see a way to restrict access of certain > pages to a secure connection only. Am I missing something or should I > be setting up apache and apache-ssl to have separate document roots, > server roots, and system users? >
apache-ssl doesn't provide access restrictions. It provides encrypted data. You can still access all the web pages under apache-ssl, but no one can sneak in and steal your information (credit cards) from what you POST to the server. If you are looking for access restrictions, then .htaccess is a start. Not having the docs in front of me, I have to venture a guess that there is a different configuration for http and https document roots that you have to set up. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]