On Jul 23, 10:43am, Karl Denninger wrote:
}
} How do I restrict access on a mod_ssl server in certain directories to ONLY
} SSL encrypted sessions?
}
} The syntax suggested in the apache.conf.default file doesn't appear to work
} - I'm sure I'm doing something stupid, and would appreciate a snipped from a
} config file that does the job.
The method I used is very simple. Since the secure server is a
seperate virtual server, I just set a different DocumentRoot for it,
and voila, secure pages can't be access insecurely.
} Basically, I want to lock down certain CGI programs so they CANNOT be
} executed unless the session is encrypted. I don't mind rejecting the
} request (re-writing it to https: from http: is not really what I'm after;
} I'd prefer to just bounce it)
You can use the above method. Just put the CGI's somewhere in the
DocumentRoot for the secure server, or create a seperate ScriptAlias
for it.
}-- End of excerpt from Karl Denninger
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
