On Mon, Mar 30, 2009 at 4:15 PM, Alessandro Fantuzzi <fantu...@o-one.net> wrote:
> We have a site running on Apache and Tomcat
> LINUX
> APACHE     2.0.59
> TOMCAT     5.5.20
> JVM    1.5
>
> We have to put some pages under SSL, just some, say:
>
> https://www.site.com/public/subscribe.jsp
> https://www.site.com/public/unsubscribe.jsp
>
> We will install the 128 bit certificate under Apache Http server.
> Path /public contains other pages but we want to put under SSL just the ones
> mentioned before. Is this possible?
>
> Should we create two Virtual hosts, one for port 80 and one for 443?
>
> How do we force the user using the correct port, should we create rewrite
> rules from one Virtual Host to the other?
>
> Thanks in advance
[clip]

If you want to serve both SSL and non-SSL, then yes, you need two
different hosts listening on the two ports as you mentioned. This
alone is not enough, of course; just telling Apache to listen on 443
does not set up an SSL server, but it is necessary for what you want.

Are you actually averse to serving other content on SSL? In other
words, if most pages are available on both SSL and non-SSL, is that
okay? If that's the case, you can just serve the same content from
both virtual hosts, but add some RequireSSL directives in a
<FileMatch>, <Location>, or similar tag for the "secure" pages so that
they are only accessible via HTTPS. Creating HTML links to https://...
will suffice for getting the user there.

On a related note, it seems to me that 128 bits is not a remotely
secure key. I can't say for sure, but as I recall, anything under 1024
bits is considered trivial, 2048 or 4096 is better.

Hope that helps.
-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
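
A configuration sketch of the layout discussed in this thread, added as an illustration and not written by either poster. It assumes mod_ssl and mod_alias are loaded and uses their `SSLRequireSSL` and `RedirectMatch` directives; the document root and certificate paths are placeholders, and the Tomcat connector setup (not described in the thread) is left out.

```apache
# Added example: every path below is a placeholder, not a value from the thread.
Listen 80
Listen 443

# Defined once at server level so both virtual hosts inherit it:
# the two pages are refused (403 Forbidden) on any non-SSL connection,
# even if the redirect in the port-80 host is later removed or bypassed.
<LocationMatch "^/public/(subscribe|unsubscribe)\.jsp$">
    SSLRequireSSL
</LocationMatch>

# Plain HTTP host: serves the site, but sends the two pages to HTTPS.
<VirtualHost *:80>
    ServerName www.site.com
    DocumentRoot /path/to/site/docroot

    # mod_alias answers during URL translation, before the access check
    # above, so visitors get a redirect instead of a 403.
    RedirectMatch permanent ^/public/(subscribe|unsubscribe)\.jsp$ https://www.site.com/public/$1.jsp
</VirtualHost>

# HTTPS host: same content, with SSL switched on for this port.
<VirtualHost *:443>
    ServerName www.site.com
    DocumentRoot /path/to/site/docroot

    SSLEngine on
    SSLCertificateFile    /path/to/www.site.com.crt
    SSLCertificateKeyFile /path/to/www.site.com.key

    # The Tomcat connector directives used by the port-80 host
    # must be repeated here so the JSPs are served on both ports.
</VirtualHost>
```

Running `apachectl configtest` after editing catches syntax errors before a restart; requesting `http://www.site.com/public/subscribe.jsp` should then return a 301 pointing at the `https://` URL.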
