Re: Securing directories

2002-11-10 Thread Peter Viertel 
I'd set these up as virtual hosts - the essence of what you want to do 
here is to make http://www.domain.com/ return different information than 
https://www.domain.com.

Having done that (by following the links in the other reply you got) you 
then will need to set up what you want to happen on the http side of 
things - there is no automatic pop-up as you were asking for.

What many do is simply configure http to do a redirect to https, like this:

Redirect /https://www.domain.com/

or you can just put up a page with a link to https and explanatory text 
- which is often a good way of doing it so they have something to look 
at for explanation if their SSL client is not compatible with your site 
for example.

-PeterV.

Robert Lagana wrote:

Hello,
 
Using mod_ssl .. on Apache .. I would like to secure two directories..
 
https://www.domain.com/homedir
 
https://www.domain.com/homedir2
 
Now if user go to http://www.domain.com will users get a pop up saying 
that SSL is required?
 
Is this just a matter of having Port 80 and Port 443 enabled?
 
Do I set these directories up as virtual hosts?
 
Is there a link someone can provided that explains this?
 
Thanks,
Rob
 
 


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Make CA for WebServer ( Apache )

2002-11-10 Thread Daniel Moore 
It's in the mod ssl INSTALL file...
Basically it's an added step when you make apache...

--from readme file...

$ cd apache_1.3.x  ALL
$ SSL_BASE=../openssl-0.9.x \  ALL
EAPI_MM=../mm-1.1.x \   OPTIONAL
./configure \ALL
--enable-module=ssl \ALL
--prefix=/path/to/apache \   ALL
[--enable-shared=ssl] \  OPTIONAL
[--disable-rule=SSL_COMPAT] \OPTIONAL
[--enable-rule=SSL_SDBM] \   OPTIONAL
[--enable-rule=SSL_EXPERIMENTAL] \   OPTIONAL
[--enable-rule=SSL_VENDOR] \ OPTIONAL
[...more APACI options...]   OPTIONAL
$ make ALL
$ make certificateOPTIONAL
$ make installOPTIONAL
$ cd ..  

Daniel.

[EMAIL PROTECTED] wrote:

Hello,

How to create CA ( invalid: NOT real ) for Web Server ( Apache ) ?

Thank for your help !

Edward.



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
 


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Apache 2 +SSL

2002-11-10 Thread Christopher Chaduka 
Aah, got it. Apache 2 comes with mod_ssl code. For those who might be 
in my situation, read this doc:

http://www.apacheworld.org/ty24/site.chapter17.html

Cheers!

Kiri

At 04:35 11-11-02 +0200, you wrote:
I searched through some archives and found out Apache 2 comes with mod_ssl 
code included, and that to enable SSL/TLS support in Apache 2, one has to 
compile OpenSSL first, then compile Apache 2 and --with-ssl=/path/to/openssl
I did exactly that. Isn't the default configuration file I get supposed to 
have some SSL directives in there? Am I brain dead? What am I missing?


--

Christopher Chaduka
Webmaster/Systems Administrator
Technical Department
M-Web Zimbabwe
Tel: +263 4 25 Fax: +263 4 708055
Mobile: +263 11 600994
http://www.mweb.co.zw

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Inability to force https rewrite before password authentication

2002-11-10 Thread Chris Gorman 
Hello All,

I have a strange problem here and was wondering if anyone had a solution.
I'm looking to perform a rewrite to https then require the user submit a
username and password.  The idea behind this is that the username and
password are submitted encrypted rather than in plain text.

First off version information
Apache
Server version: Apache/1.3.26 (Unix)
Mod_SSL
2.8.9 (debian 2.8.9-2.1)

I looked at Ralf's presentation from apachecon2000 (ref
http://www.modssl.org/docs/apachecon2000/slide-021-n.html ) which does
have a recipie for what I am looking to accomplish.  The only problem I
have is it doesn't seem to work for me.  The password authentication
happens before the url redirection which isn't desireable in this case.

My configuration

Directory /server-root/subdir
Options Indexes FollowSymLinks
AllowOverride All
RewriteEngineon
RewriteCond  %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
RewriteCond  %{HTTPS} !=on
RewriteRule  ^/(.*) https://%{SERVER_NAME}/subdir/$1 [R,L]
SSLOptions +StrictRequire
SSLRequire %{SSL_CIPHER_USEKEYSIZE} = 128
Satisfy any
Order deny,allow
deny from all
allow from 192.168.1.0/255.255.255.0
AuthName Restricted Access
AuthType Basic
AuthUserFile /etc/apache/htpasswd
Require valid-user
/Directory

Any ideas or suggestions on how I would overcome this obstacle, or reverse
the order of directive processing so the rewrite happens first?

Thanks

Chris

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]