Hello, I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix this issue with my web server "HTTP TRACE Enabled".
Now I have module mod_rewrite as a Loaded Module. The fix for this is as follows:

If you are using Apache, add the following lines for each virtual host in your configuration file:

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

I'm confused about where to place this in my httpd.conf? I have two virtual hosts in my httpd.conf file. Does this look correct, thanks a lot for your help:

<VirtualHost 111.111.111.111>
Redirect / https://host.company.com/
Servername host.company.com
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</VirtualHost>

<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "/opt/apache/htdocs"
ServerName host.company.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /opt/apache/logs/error_log
TransferLog /opt/apache/logs/access_log
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL /
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog /opt/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

Regards,
Rob
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
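
Added example, not part of the original post: a small Python audit that checks whether every <VirtualHost> block in an httpd.conf carries the three TRACE-blocking directives quoted in the message, with the RewriteCond directly in front of its RewriteRule. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample: the first vhost carries the fix, the second does not.
SAMPLE_CONF = r'''
<VirtualHost 111.111.111.111>
ServerName host.company.com
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</VirtualHost>

<VirtualHost _default_:443>
ServerName host.company.com
# RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
SSLEngine on
</VirtualHost>
'''

VHOST_RE = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.I | re.S)
COND_RE = re.compile(r'RewriteCond\s+%\{REQUEST_METHOD\}\s+\^TRACE', re.I)
RULE_RE = re.compile(r'RewriteRule\s+\S+\s+-\s+\[[^\]]*\bF\b[^\]]*\]', re.I)

def directives(body):
    """Active directives only: continuation lines joined, comments and blanks dropped."""
    joined = re.sub(r'\\\r?\n', ' ', body)
    lines = (ln.strip() for ln in joined.splitlines())
    return [ln for ln in lines if ln and not ln.startswith('#')]

def blocks_trace(body):
    """True if RewriteEngine is on and a TRACE RewriteCond directly guards an [F] rule."""
    d = directives(body)
    engine_on = any(re.fullmatch(r'RewriteEngine\s+on', ln, re.I) for ln in d)
    # A RewriteCond applies only to the RewriteRule that follows it; this check
    # is simplified to require the two lines to be adjacent, as in the quoted fix.
    guarded = any(COND_RE.match(a) and RULE_RE.match(b) for a, b in zip(d, d[1:]))
    return engine_on and guarded

def audit(conf_text):
    """List (vhost address, has TRACE block) for each <VirtualHost> in the text."""
    return [(addr.strip(), blocks_trace(body)) for addr, body in VHOST_RE.findall(conf_text)]

if __name__ == '__main__':
    for vhost, ok in audit(SAMPLE_CONF):
        print(f"{vhost}: {'TRACE blocked' if ok else 'TRACE rule missing'}")
```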