Hey,

Way back in January I posted a patch to implement a new directive,
SSLOnlyOnPort. It allowed the same VirtualHost section to be used for ssl
and non-ssl requests. I remember Ralf saying he thought this was a good
idea, and would work some equivalent functionality into mod_ssl. Well, it's
been a while and a bunch of releases, and I'm wondering if it got dropped.

Ralf, what's the status on this directive or some other directive with
equivalent functionality?

If you want, I have a diff file updated for mod_ssl-2.2.8-1.3.6.

 - David Harris
   Principal Engineer, DRH Internet Services


-----Original Message-----
From:   [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of David Harris
Sent:   Friday, January 08, 1999 12:25 PM
To:     [EMAIL PROTECTED]
Cc:     David Harris
Subject:        New feature: SSLOnlyOnPort

Hello Ralf,
Hello Everyone,

I have just added a new feature to mod_ssl which gets around what was, in my
opinion, one of its annoying little quirks. Basically, this new feature
allows one to create a VirtualHosts section which applies to the SSL and
non-SSL server on one IP address. Previously, one had to create two
VirtualHosts sections, one SSL and one not, which requires duplication of
all the configuration directives including logging directives. Duplication of
logging directives uses up double the file descriptors and requires a
ssl_access_log and a non-ssl_access_log.

The patch creates an additional directive "SSLOnlyOnPort" which tells the
mod_ssl engine to only serve incoming connections on the specified port as
SSL. Connections on other ports, even though the VirtualHost has SSL
enabled, are treated as non-SSL connections.

Here is an example configuration:

-----
Listen 209.70.72.155:80
Listen 209.70.72.155:443
<VirtualHost 209.70.72.155:*>
ServerAdmin     [EMAIL PROTECTED]
ServerName      www.westegg.com
DocumentRoot    /web/4/morgan
ErrorLog        /web/4/_admin/morgan/logs/error_log
TransferLog     /web/4/_admin/morgan/logs/transfer_log

SSLEngine               on
SSLCertificateKeyFile   /web/4/_admin/morgan/ssl/www.westegg.com.key
SSLCertificateFile      /web/4/_admin/morgan/ssl/www.westegg.com.crt
SSLOnlyOnPort 443

SSLLog          /web/4/_admin/morgan/logs/ssl_log
SSLLogLevel     trace
</VirtualHost>
-----

Notice how the first three lines make this VirtualHost section grab the SSL
and non-SSL ports on 209.70.72.155. Then the "SSLOnlyOnPort 443" line tells
the mod_ssl engine to only treat connections on port 443 as SSL. Therefore,
connections to 209.70.72.155:80 are non-SSL and connections to
209.70.72.155:443 are handled as SSL -- all with one VirtualHosts section.

This patch is to mod_ssl-2.1.6-1.3.3 and is included after my .sig file.
Since I just know my mailer will word wrap this, you can also get it at:
     http://www.davideous.com/misc/pkg.sslmod.diff

 - David Harris
   Principal Engineer, DRH Internet Services


______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
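
An added example, not part of the original message or the patch: a small Python model of the per-port behaviour the message describes, which reports for each Listen address whether connections would be handled as SSL. The parser, the function names and the plain-HTTP fallback for listeners without a matching VirtualHost are assumptions made for illustration.

```python
# Constructed sample: the configuration from the message, trimmed to the
# directives that decide whether a connection is treated as SSL.
SAMPLE = """\
Listen 209.70.72.155:80
Listen 209.70.72.155:443
<VirtualHost 209.70.72.155:*>
ServerName      www.westegg.com
SSLEngine       on
SSLOnlyOnPort   443
</VirtualHost>
"""

def parse(conf):
    """Collect Listen addresses and per-VirtualHost SSL settings."""
    listeners, vhosts, cur = [], [], None
    for line in (l.strip() for l in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("<virtualhost"):
            # Only the "IP:port" / "IP:*" address form used in the message.
            ip, _, port = line[len("<virtualhost"):].rstrip(">").strip().rpartition(":")
            cur = {"ip": ip, "port": port, "ssl": False, "only": None}
            vhosts.append(cur)
            continue
        if line.lower() == "</virtualhost>":
            cur = None
            continue
        parts = line.split(None, 1)
        key, val = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "listen":
            ip, _, port = val.rpartition(":")
            listeners.append((ip or "*", int(port)))
        elif cur is not None and key == "sslengine":
            cur["ssl"] = val.lower() == "on"
        elif cur is not None and key == "sslonlyonport":
            cur["only"] = int(val)
    return listeners, vhosts

def protocol_map(conf):
    """Map each listener to 'https' or 'http' under the described semantics."""
    listeners, vhosts = parse(conf)
    result = {}
    for ip, port in listeners:
        vh = next((v for v in vhosts
                   if v["ip"] == ip and v["port"] in ("*", str(port))), None)
        # Assumption: a listener with no matching VirtualHost is plain HTTP.
        is_ssl = bool(vh and vh["ssl"] and vh["only"] in (None, port))
        result[(ip, port)] = "https" if is_ssl else "http"
    return result
```

Running `protocol_map` on the same configuration with the `SSLOnlyOnPort` line removed shows port 80 being treated as SSL as well, which is why two VirtualHost sections were needed before the patch.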
