You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Peter Blajev <pe...@castandcrew.com> on 2002/02/26 01:31:10 UTC

Virtual host configuration

Hi all,

I've configured my Apache-1.3.23 server to work with SSL.
Also I need the main page and *only* the main page to be 
accessable on port 80, i.e.:
http://servername.com
https://servername.com

All requests to http://servername.com/something to and up
with error. For this part I need help.
Here is the related part (I hope) from my httpd.conf file:

--- <snip> ---
<VirtualHost <ip_address>:80>
ServerName servername.com
DocumentRoot /www/lists
SSLEngine off
</VirtualHost>
 
<VirtualHost <ip_address>:80>
ServerName servername.com
ServerPath /something/
DocumentRoot /www/null <-- There is no null directory.
                           I need Apache to respond with
                           error to every request to
                           http://servername.com/something
SSLEngine off
</VirtualHost>
 
<VirtualHost <ip_address>:443>
ServerName servername.com
ServerPath /something/
DocumentRoot "/www/lists"
<Directory "/www/lists">
    Options Indexes FollowSymLinks MultiViews +Includes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
SSLEngine on
</VirtualHost>
---- <snip> ---

Thanks for your time
Peter

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Virtual host configuration

Posted by Owen Boyle <ob...@bourse.ch>.

Peter Blajev wrote:
> 
> Hi all,
> 
> I've configured my Apache-1.3.23 server to work with SSL.
> Also I need the main page and *only* the main page to be
> accessable on port 80, i.e.:
> http://servername.com
> https://servername.com
> 
> All requests to http://servername.com/something to and up
> with error. For this part I need help.
> Here is the related part (I hope) from my httpd.conf file:
> 
> --- <snip> ---

You're on the right track but you shouldn't make two VHs on the same
ServerName on port 80. You're correct that you need a port 80 VH but
then to block access into anything but the main-page, you could use a
<FilessMatch> container. Something like:

  <VirtualHost <ip_address>:80>
   ServerName servername.com
   DocumentRoot /www/lists
   SSLEngine off

   <Directory /www/lists>
     Allow from all
   </Directory>
   <FilesMatch "^index.html">
     Deny from all
   </FilesMatch>
   ErrorDocument 403 "you need to use HTTPS to go further in this site"

  </VirtualHost>

Check the regexp in FilesMatch - I'm just guessing! (should mean "any
file except index.html").

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: SUEXEC/Virtual host configuration

Posted by Carlos Costa Portela <cc...@servidores.net>.

On Wed, 27 Feb 2002 arrchie@cosmic.net.au wrote:
> Eg
> would it be best to have
> user username
> group username(yes each user has its own group)
>
> or
>
> user username
> group groupforusers(one group for all users)

	The second one (a common group for all users) has more sense to
me, since you can specify some actions just for 'apache-users' in your
machine. For example, permission to write in the logs directory.

	Best regards,
		Carlos.

      [ Learn about Web and Apache at http://www.improveyourweb.com ]

 _______Carlos Costa Portela_________________________________________________
| e-mail:  ccosta@servidores.net | home page: http://casa.ccp.servidores.net |
|_____Tódalas persoas maiores foron nenos antes, pero poucas se lembran______|


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: SUEXEC/Virtual host configuration

Posted by ar...@cosmic.net.au.

Hi,
When using SUEXEC..

I was wondering what would be best for the
user/group directives?

Eg
would it be best to have
user username
group username(yes each user has its own group)

or

user username
group groupforusers(one group for all users)

Im tending to lean towards the first since I cant see the point in allow a
group of users permissions to a directory?

Also to confirm are the permissions rwxr-x--- ok on the virthost
root directory & cgi bin?

It seems wrong to to give the user w permission, doesnt this allow them to
write into the directory as the suexec username? therefore adding their
own code is possible via the webbrowser?

Thanks
Dave




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Virtual host configuration

Posted by Al Andersen <ap...@viajante.com>.

Make sure you have these in httpd.conf:

Port 80

<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

If you want **ONLY** SSL, comment out "Port 80" and "Listen 80"

-Al 

On Monday 25 February 2002 05:31, Peter wrote:
> Hi all,
>
> I've configured my Apache-1.3.23 server to work with SSL.
> Also I need the main page and *only* the main page to be
> accessable on port 80, i.e.:
> http://servername.com
> https://servername.com
>
> All requests to http://servername.com/something to and up
> with error. For this part I need help.
> Here is the related part (I hope) from my httpd.conf file:
>
> --- <snip> ---
> <VirtualHost <ip_address>:80>
> ServerName servername.com
> DocumentRoot /www/lists
> SSLEngine off
> </VirtualHost>
>
> <VirtualHost <ip_address>:80>
> ServerName servername.com
> ServerPath /something/
> DocumentRoot /www/null <-- There is no null directory.
>                            I need Apache to respond with
>                            error to every request to
>                            http://servername.com/something
> SSLEngine off
> </VirtualHost>
>
> <VirtualHost <ip_address>:443>
> ServerName servername.com
> ServerPath /something/
> DocumentRoot "/www/lists"
> <Directory "/www/lists">
>     Options Indexes FollowSymLinks MultiViews +Includes
>     AllowOverride None
>     Order allow,deny
>     Allow from all
> </Directory>
> SSLEngine on
> </VirtualHost>
> ---- <snip> ---
>
> Thanks for your time
> Peter
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org