You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Barry (@islandkey.com)" <ba...@islandkey.com> on 2004/10/12 19:24:06 UTC
[users@httpd] Securing individual directories (SSL)
I'm attempting to setup secure https for JUST the documentroot of my
webserver so that the login process is done via https, and once logged in,
it switches back to http.
Currently, I have the entire server running strictly https via rewrite
conditions like the following:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
Here is how my current virtualhost setup is configured:
<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName www.domain.com:443
ServerAdmin admin@domain.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
</VirtualHost>
<VirtualHost *:80 >
ServerAdmin admin@domain.com
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/html
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
</VirtualHost>
So, what I'd like to do is setup https for only the var/www/html directory,
and any subdirectories will be http (eg. /var/www/html/products would be
http).
Can anyone give me some tips (or let me know if it's even possible) on what
I'd need to change in order to do this? I'm not terribly fluent with Apache,
but I understand the basics.
Thanks very much for your time,
TH
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Securing individual directories (SSL)
Posted by "Barry (@islandkey.com)" <ba...@islandkey.com>.
Hi Dick,
That may just work. Would that mean simply redoing the rewrite
conditions accordingly?
TH
----- Original Message -----
From: "Dick Davies" <ra...@hellooperator.net>
To: <us...@httpd.apache.org>
Sent: Tuesday, October 12, 2004 1:27 PM
Subject: Re: [users@httpd] Securing individual directories (SSL)
> * Barry (@islandkey.com) <ba...@islandkey.com> [1026 18:26]:
> > I'm attempting to setup secure https for JUST the documentroot of my
> > webserver so that the login process is done via https, and once logged
in,
> > it switches back to http.
> >
> > Currently, I have the entire server running strictly https via rewrite
> > conditions like the following:
> >
> > RewriteEngine on
> > RewriteCond %{SERVER_PORT} !^443$
> > RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
> >
> > Here is how my current virtualhost setup is configured:
> >
> > <VirtualHost _default_:443>
> > DocumentRoot "/var/www/html"
> > ServerName www.domain.com:443
> > ServerAdmin admin@domain.com
> > ErrorLog logs/ssl_error_log
> > TransferLog logs/ssl_access_log
> > SSLEngine on
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
> > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
> > SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
> > </VirtualHost>
> >
> > <VirtualHost *:80 >
> > ServerAdmin admin@domain.com
> > ServerName www.domain.com
> > ServerAlias domain.com
> > DocumentRoot /var/www/html
> > RewriteEngine on
> > RewriteCond %{SERVER_PORT} !^443$
> > RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
> > </VirtualHost>
> >
> > So, what I'd like to do is setup https for only the var/www/html
directory,
> > and any subdirectories will be http (eg. /var/www/html/products would be
> > http).
>
> Can you just check incoming URLs on the SSL host and redirect to the
non-ssl
> server if they include a directory component?
>
> Then do a check on the http host that if they *don't* have a directory
> component, send them to the ssl vhost..
>
> --
> This must be Thursday. I never could get the hang of Thursdays. - Arthur
Dent
> Rasputin :: Jack of All Trades - Master of Nuns
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Securing individual directories (SSL)
Posted by Dick Davies <ra...@hellooperator.net>.
* Barry (@islandkey.com) <ba...@islandkey.com> [1026 18:26]:
> I'm attempting to setup secure https for JUST the documentroot of my
> webserver so that the login process is done via https, and once logged in,
> it switches back to http.
>
> Currently, I have the entire server running strictly https via rewrite
> conditions like the following:
>
> RewriteEngine on
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
>
> Here is how my current virtualhost setup is configured:
>
> <VirtualHost _default_:443>
> DocumentRoot "/var/www/html"
> ServerName www.domain.com:443
> ServerAdmin admin@domain.com
> ErrorLog logs/ssl_error_log
> TransferLog logs/ssl_access_log
> SSLEngine on
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
> SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
> </VirtualHost>
>
> <VirtualHost *:80 >
> ServerAdmin admin@domain.com
> ServerName www.domain.com
> ServerAlias domain.com
> DocumentRoot /var/www/html
> RewriteEngine on
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
> </VirtualHost>
>
> So, what I'd like to do is setup https for only the var/www/html directory,
> and any subdirectories will be http (eg. /var/www/html/products would be
> http).
Can you just check incoming URLs on the SSL host and redirect to the non-ssl
server if they include a directory component?
Then do a check on the http host that if they *don't* have a directory
component, send them to the ssl vhost..
--
This must be Thursday. I never could get the hang of Thursdays. - Arthur Dent
Rasputin :: Jack of All Trades - Master of Nuns
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org