Posted to users@httpd.apache.org by Joost de Heer <sa...@xs4all.nl> on 2006/04/14 17:36:43 UTC

[users@httpd] Re: How to SSL protect certain directories

Romeo Theriault wrote:
> I have an apache website that I need some directories protected by
> ssl. So I got the certificate etc... Now I have two virtual hosts,
> one that is the unsecure and one that is the secure. There are only a
> few directories that I need secured by ssl.
>
> for example:
> http://www.some.domain.name.com/distance/register/
> http://www.some.domain.name.com/registrar/request/
>
> So to get those directories secured I put this mod_rewrite code into
> the unsecure httpd.conf file.

> <Directory /var/www/www/distance >
>                          RewriteEngine On
>                          RewriteBase /
>                          RewriteCond %{REQUEST_FILENAME} -f [OR]

'RewriteCond %{HTTPS} off' is a better check

> The problem is that once people have viewed those pages that are in
> those secure directories the rest of the pages they view on the site
> are on the secure site. I would like to have a rewriterule in the
> secure virtual host to check if they are not in one of those
> directories and redirect them back to the unsecure site.

Something like

RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
RewriteCond %{HTTPS} on
RewriteRule /^(.*) http://my.site/$1

Joost


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


[users@httpd] Re: How to SSL protect certain directories

Posted by Joost de Heer <sa...@xs4all.nl>.
Romeo Theriault wrote:
> Joost, I've tried your option,
>
>> RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
>> RewriteCond %{HTTPS} on
>> RewriteRule /^(.*) http://my.site/$1
>
> but still get no change in behaviour. It won't go back to http once
> it's gone to https:.

Change the RewriteRule to

RewriteRule /^(.*) http://my.site/$1 [R]

But what's so bad about people using SSL?

Joost
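
An added example, not part of the original posts: the two virtual hosts from the thread with a redirect in each direction, using the hostname and directories Romeo gave. In virtual-host context the RewriteRule pattern is matched against a URL path that begins with "/", so it is written ^/(.*); the form /^(.*) quoted above cannot match, because ^ only matches at the start of the string. The *:80 and *:443 addresses and the [R,L] flags are assumptions.

```apache
# Added example. Hostname and paths come from the thread; listener
# addresses and flags are assumed. Rules sit directly in the virtual
# hosts, not inside <Directory>, so patterns see the full URL path.

<VirtualHost *:80>
    ServerName www.some.domain.name.com

    RewriteEngine On
    # Send only the two protected trees to the secure host.
    RewriteRule ^/(distance/register|registrar/request)(/.*)?$ https://www.some.domain.name.com/$1$2 [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName www.some.domain.name.com
    # The SSLEngine and certificate directives of the existing
    # secure host stay here unchanged.

    RewriteEngine On
    # Anything outside the two protected trees goes back to http.
    # No %{HTTPS} test is needed: this host only answers SSL requests.
    RewriteCond %{REQUEST_URI} !^/distance/register(/|$)
    RewriteCond %{REQUEST_URI} !^/registrar/request(/|$)
    RewriteRule ^/(.*)$ http://www.some.domain.name.com/$1 [R,L]
</VirtualHost>
```

Pages under the two secure paths that load images or stylesheets from elsewhere on the site will have those requests redirected to http, and any cookie set over https without the Secure attribute is sent in the clear after the redirect back.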




[users@httpd] Re: How to SSL protect certain directories

Posted by Romeo Theriault <ro...@gmail.com>.
Joost, I've tried your option,

> RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
> RewriteCond %{HTTPS} on
> RewriteRule /^(.*) http://my.site/$1

but still get no change in behaviour. It won't go back to http once
it's gone to https:.

Is there any additional information that I can provide to you to make
this easier?

Thank you,

Romeo

On Apr 14, 2006, at 11:36 AM, Joost de Heer wrote:

> Romeo Theriault wrote:
>> I have an apache website that I need some directories protected by
>> ssl. So I got the certificate etc... Now I have two virtual hosts,
>> one that is the unsecure and one that is the secure. There are only a
>> few directories that I need secured by ssl.
>>
>> for example:
>> http://www.some.domain.name.com/distance/register/
>> http://www.some.domain.name.com/registrar/request/
>>
>> So to get those directories secured I put this mod_rewrite code into
>> the unsecure httpd.conf file.
>
>> <Directory /var/www/www/distance >
>>                          RewriteEngine On
>>                          RewriteBase /
>>                          RewriteCond %{REQUEST_FILENAME} -f [OR]
>
> 'RewriteCond %{HTTPS} off' is a better check
>
>> The problem is that once people have viewed those pages that are in
>> those secure directories the rest of the pages they view on the site
>> are on the secure site. I would like to have a rewriterule in the
>> secure virtual host to check if they are not in one of those
>> directories and redirect them back to the unsecure site.
>
> Something like
>
> RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
> RewriteCond %{HTTPS} on
> RewriteRule /^(.*) http://my.site/$1
>
> Joost
>

