On Wed, 2004-02-04 at 10:20, Adam Augustine wrote: > john jonas wrote: > >>* How does SSL work; what is the process that moves > >>a web page from > >>http to https and from port 80 to port 443? > > Alternatively, you can use META-REFRESH to automatically re-direct > someone (so they don't have to click a link). From a web site I just > googled: > > <META HTTP-EQUIV=Refresh CONTENT="10; URL=http://www.htmlhelp.com/";>
If you have control of the server (you'd better) don't use HTTP-EQUIV META tags, just use the real thing (in httpd.conf, mine is in a VirtualHost section) : RedirectPermanent / https://secureserver/ Or you could do something like: RedirectPermanent /securestuff http://secureserver/securestuff > You can also use the SSLRequireSSL directive in the <Location> tags of > the config file to require SSL for a subdirectory of your site: > > Alias /supersecret /var/www/supersecret > > <Location /supersecret> > SSLRequireSSL > </Location> Hmm, that's not so good. I mean, yeah, it does it's thing, but then if someone tries to go to that URL the just get a message that says they can't. A better way is to keep secure stuff completely separate from non-secure stuff (different document root). That way you won't accidentally get someone running secure stuff unsecured (well, it could still happen, but it's harder. Or you could look into TLS... ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
