Re: Enabling a single directory as SSL enabled
Try mod_rewrite: RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://yourserver.com/$1 The above forces HTTPS on the specified directory. It works for me ;) -Carlos Scott Brown wrote: > > --- Alex Moon <[EMAIL PROTECTED]> wrote: > > Set the server up as secure - allowing insecure or secure > > connection to the server but denying access to the the directory > > you want as secure except through the secure server port 443 > > You know, that makes remarkably good sense. > Does it work? I've seen this question a dozen times here, and nobody > ever said anything so simple. > I'm hoping it is... and I just need to twiddle the config a little. It seems like total overkill to define a completely separate host for SSL only. (and yes, I'm aware of the need to have all content on a ssl session pass as ssl...) Someone must have a simple cookie cutter that fits this. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- --- Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 --- # ifconfig eth0.net "Carlos Ramirez" netmask 255.255.255.0 up # route add -net smtp [EMAIL PROTECTED] # route add -net http http://www.roses.bna.boeing.com/~ramirezc
Re: Enabling a single directory as SSL enabled
Scott Brown wrote: > > > I've tried a > > > > > > > > > ...non-ssl directives > > > > > > SSLEngine on > > > SSLRequireSSL > > > etc..etc.. (including cert/key definitions) > > > > > > Not so sure about putting certificates in a ... Try this very explicit concoction: Listen 443 DocumentRoot /secure SSLEngine on SSLCertificateFile/your/cert/file SSLCertificateKeyFile /your/key/file Allow from all SSLRequireSSL NB These are the only SSL directives you absolutely need - everything else has a default. So try to get this working then add in the directives you want to configure one-by-one. Rgds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Enabling a single directory as SSL enabled
Hi Alex... > > Set the server up as secure - allowing insecure or secure > connection to the server but denying access to the the directory > you want as secure except through the secure server port 443 > Yes - thats what I'm trying to do... the problem is that I'm unable to. As I indicated: > > I've tried a > > > > > > ...non-ssl directives > > > > SSLEngine on > > SSLRequireSSL > > etc..etc.. (including cert/key definitions) > > > > > > > > but it's not behaving as I would expect (at very least I > > would be expecting it to complain that my site cert's > > name doesnt match my testdomain's name - but it doesnt)... > > IE5.01 doesnt display the locked symbol - BUT it is saying > > that it has a cert (and no, I've not installed the cert...) > > > > Is it not possible to have a subdirectory of a domain > > declared and processed as SSL enabled under > > Apache/modssl/openssl?? ... which I thought would do as you suggest, however I found it didnt behave as I thought it should. Have I missed something in the config? Or have I gone about this the wrong way?? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Enabling a single directory as SSL enabled
> > --- Alex Moon <[EMAIL PROTECTED]> wrote: > > Set the server up as secure - allowing insecure or secure > > connection to the server but denying access to the the directory > > you want as secure except through the secure server port 443 > > You know, that makes remarkably good sense. > Does it work? I've seen this question a dozen times here, and nobody > ever said anything so simple. > I'm hoping it is... and I just need to twiddle the config a little. It seems like total overkill to define a completely separate host for SSL only. (and yes, I'm aware of the need to have all content on a ssl session pass as ssl...) Someone must have a simple cookie cutter that fits this. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Enabling a single directory as SSL enabled
--- Alex Moon <[EMAIL PROTECTED]> wrote: > Set the server up as secure - allowing insecure or secure > connection to the server but denying access to the the directory > you want as secure except through the secure server port 443 You know, that makes remarkably good sense. Does it work? I've seen this question a dozen times here, and nobody ever said anything so simple. Can it be that easy? > On 16 Mar 01, at 21:14, Scott Brown wrote: > > > I'm probably looking for an answer to a FAQ tell me where it's > listed, > > and I'll take it from there. > > > > I'm from a MS-IIS background - and when I want to make a directory > secure, > > it's easy to tell the system via the MMC that /secure/ is to have a > secure > > connection requirement. > > > > Is there any way to set Apache up such that it recognizes that a > specific > > directory is supposed to be secure? > > > > I've tried a > > > > > > ...non-ssl directives > > > > SSLEngine on > > SSLRequireSSL > > etc..etc.. (including cert/key definitions) > > > > > > > > but it's not behaving as I would expect (at very least I would be > expecting > > it to complain that my site cert's name doesnt match my > testdomain's name - > > but it doesnt)... IE5.01 doesnt display the locked symbol - BUT it > is saying > > that it has a cert (and no, I've not installed the cert...) > > > > Is it not possible to have a subdirectory of a domain declared and > processed > > as SSL enabled under Apache/modssl/openssl?? > > > > > __ > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List > [EMAIL PROTECTED] > > Automated List Manager > [EMAIL PROTECTED] > > > > > -- > Alex Moon > email:[EMAIL PROTECTED] > Tel:020 8411 5092 > Middlesex University Business School, > The Burroughs > Hendon > London > NW4 4BT > -- > __ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/?.refer=text __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Enabling a single directory as SSL enabled
Set the server up as secure - allowing insecure or secure connection to the server but denying access to the the directory you want as secure except through the secure server port 443 On 16 Mar 01, at 21:14, Scott Brown wrote: > I'm probably looking for an answer to a FAQ tell me where it's listed, > and I'll take it from there. > > I'm from a MS-IIS background - and when I want to make a directory secure, > it's easy to tell the system via the MMC that /secure/ is to have a secure > connection requirement. > > Is there any way to set Apache up such that it recognizes that a specific > directory is supposed to be secure? > > I've tried a > > > ...non-ssl directives > > SSLEngine on > SSLRequireSSL > etc..etc.. (including cert/key definitions) > > > > but it's not behaving as I would expect (at very least I would be expecting > it to complain that my site cert's name doesnt match my testdomain's name - > but it doesnt)... IE5.01 doesnt display the locked symbol - BUT it is saying > that it has a cert (and no, I've not installed the cert...) > > Is it not possible to have a subdirectory of a domain declared and processed > as SSL enabled under Apache/modssl/openssl?? > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] -- Alex Moon email:[EMAIL PROTECTED] Tel:020 8411 5092 Middlesex University Business School, The Burroughs Hendon London NW4 4BT -- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Enabling a single directory as SSL enabled
--- Scott Brown <[EMAIL PROTECTED]> wrote: > I'm probably looking for an answer to a FAQ tell me where it's > listed, and I'll take it from there. lol -- on these lists, a lot of the time. Read back through the archives. > I'm from a MS-IIS background - and when I want to make a directory > secure, it's easy to tell the system via the MMC that /secure/ is to > have a secure connection requirement. But not via webserver.. > Is there any way to set Apache up such that it recognizes that a > specific directory is supposed to be secure? There are definitely ways, but they require a bit of a hack. I recently wrote an article for how to do this with mod_perl at http://take23.org/articles/2001/03/12/redirect.xml?style=printable but if you don't have mod_perl installed you could do basically the same thing with mod_rewrite, I'm pretty sure. (mod_rewrite docs are at http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html ) It boils down to this: before the web server looks to see which directory you want, it has already either established a secure protocol or a nonsecure one. If you have nonsecure accesses redirected externally to the secure port, you tell the browser to ask using the right "language" (say please, basically). Hope that helps. > I've tried a > > > ...non-ssl directives > > SSLEngine on > SSLRequireSSL > etc..etc.. (including cert/key definitions) > > > > but it's not behaving as I would expect (at very least I would be > expecting it to complain that my site cert's name doesnt match my > testdomain's name - but it doesnt)... > IE5.01 doesnt display the locked symbol - BUT it is saying > that it has a cert (and no, I've not installed the cert...) > > Is it not possible to have a subdirectory of a domain declared and > processed as SSL enabled under Apache/modssl/openssl?? no and sort of. See above. ;o) __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Enabling a single directory as SSL enabled
Scott Brown wrote: > I'm from a MS-IIS background Welcome to Apache! > > Is there any way to set Apache up such that it recognizes that a specific > directory is supposed to be secure? > > ...non-ssl directives > > SSLEngine on > SSLRequireSSL > etc..etc.. (including cert/key definitions) > > I think the problem is that SSL is served on a different port number (443). Try: - adding the SSL address to the virtual host definition, e.g. Listen 443 ... as before - make a new virtual host just for SSL (I'd recommend this - for clarity) Listen 443 DocumentRoot /secure/ SSLEngine on SSLRequireSSL etc..etc.. (including cert/key definitions) best regards, Owen Boyle., __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Enabling a single directory as SSL enabled
I'm probably looking for an answer to a FAQ tell me where it's listed, and I'll take it from there. I'm from a MS-IIS background - and when I want to make a directory secure, it's easy to tell the system via the MMC that /secure/ is to have a secure connection requirement. Is there any way to set Apache up such that it recognizes that a specific directory is supposed to be secure? I've tried a ...non-ssl directives SSLEngine on SSLRequireSSL etc..etc.. (including cert/key definitions) but it's not behaving as I would expect (at very least I would be expecting it to complain that my site cert's name doesnt match my testdomain's name - but it doesnt)... IE5.01 doesnt display the locked symbol - BUT it is saying that it has a cert (and no, I've not installed the cert...) Is it not possible to have a subdirectory of a domain declared and processed as SSL enabled under Apache/modssl/openssl?? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]