> Alexander Häussel wrote:
> i have a website, that i want to allow access to via regular http.
> but as soon as the user logs in i want the pages to be secured via
> ssl. my ssl works, but it is possible to access those pages via http
> or https.
> i want that a special subdirectory is only accessibel via https
> regardless what the user types into the url.
The usual solution is:
- Have a "welcome page" which is plain HTTP.
- The welcome page has a link (something like: "Log in to out secure
site") which leads to an SSL page.
- The SSL page has your login screen (either client-sided via .htaccess
or a CGI form).
The main thing you need to do is to separate the HTTP and SLL content.
Be careful that the SSL directory is not a sub-directory of the HTTP
DocumentRoot.
Your configuration should look something like this:
Listen 80
<VirtualHost my_web_site:80>
SSLEngine off
DocumentRoot /home/apache/html
...
</VirtualHost>
Listen 443
<VirtualHost my_web_site:443>
SSLEngine on
SSLRequireSSL
DocumentRoot /home/apache/ssl
...
</VirtualHost>
Regards,
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
