You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by kloomis <kl...@it-resources.com> on 2006/08/23 19:29:14 UTC
[users@httpd] Secure or not?
Hello:
On my secure site the php code print "Port:".$_SERVER['SERVER_PORT']);
prints port:80 when accessing the site with https:// The little padlock is
showing at the bottom of the page and the router is set to send 443 to the
server.
In httpd.conf I have:
NameVirtualHost *:80
NameVirtualHost *:443
and
<VirtualHost *:443>
ServerAdmin webAdmin@example.com
DocumentRoot /var/www/html/sgimis
ServerName sgimis.example.com
ErrorLog logs/itr_sgimis-error_log
CustomLog logs/itr_sgimis-access_log common
</VirtualHost>
along with a bunch of *:80 VirtuaHosts
When accessing the site users have to go thru the usual certificate
acceptance ceremony.
Also the code
if ($_SERVER['HTTPS'] !== 'on') {
die("This site is accessible only through a secure connection.");
}
will prevent access to the site. So it seems that I'm not using SSL even
tho I'm getting a cert and a padlock.
Can anyone suggest an avenue to approach this?
Thanks,
Ken
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Secure or not?
Posted by kloomis <kl...@it-resources.com>.
At 07:37 PM 8/23/2006 +0200, you wrote:
>remove :*80 ?
>or forward to 443
Thanks for your reply.
There is no VH for this ServerName at :*80. You can't get in with http.
(There are other VHs at port 80.) The https is getting handled by the VH
at :*443, but the header says it's port 80?
Ken
>----- Original Message -----
>From: "kloomis" <kl...@it-resources.com>
>To: <us...@httpd.apache.org>
>Sent: Wednesday, August 23, 2006 7:29 PM
>Subject: [users@httpd] Secure or not?
>
>
> > Hello:
> >
> > On my secure site the php code print "Port:".$_SERVER['SERVER_PORT']);
> > prints port:80 when accessing the site with https:// The little padlock
>is
> > showing at the bottom of the page and the router is set to send 443 to the
> > server.
> >
> > In httpd.conf I have:
> >
> > NameVirtualHost *:80
> > NameVirtualHost *:443
> >
> > and
> >
> > <VirtualHost *:443>
> > ServerAdmin webAdmin@example.com
> > DocumentRoot /var/www/html/sgimis
> > ServerName sgimis.example.com
> > ErrorLog logs/itr_sgimis-error_log
> > CustomLog logs/itr_sgimis-access_log common
> > </VirtualHost>
> >
> > along with a bunch of *:80 VirtuaHosts
> >
> > When accessing the site users have to go thru the usual certificate
> > acceptance ceremony.
> >
> > Also the code
> > if ($_SERVER['HTTPS'] !== 'on') {
> > die("This site is accessible only through a secure connection.");
> > }
> >
> > will prevent access to the site. So it seems that I'm not using SSL even
> > tho I'm getting a cert and a padlock.
> >
> > Can anyone suggest an avenue to approach this?
> >
> > Thanks,
> >
> > Ken
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
Re: [users@httpd] Secure or not?
Posted by herauthon <he...@home.nl>.
remove :*80 ?
or forward to 443
----- Original Message -----
From: "kloomis" <kl...@it-resources.com>
To: <us...@httpd.apache.org>
Sent: Wednesday, August 23, 2006 7:29 PM
Subject: [users@httpd] Secure or not?
> Hello:
>
> On my secure site the php code print "Port:".$_SERVER['SERVER_PORT']);
> prints port:80 when accessing the site with https:// The little padlock
is
> showing at the bottom of the page and the router is set to send 443 to the
> server.
>
> In httpd.conf I have:
>
> NameVirtualHost *:80
> NameVirtualHost *:443
>
> and
>
> <VirtualHost *:443>
> ServerAdmin webAdmin@example.com
> DocumentRoot /var/www/html/sgimis
> ServerName sgimis.example.com
> ErrorLog logs/itr_sgimis-error_log
> CustomLog logs/itr_sgimis-access_log common
> </VirtualHost>
>
> along with a bunch of *:80 VirtuaHosts
>
> When accessing the site users have to go thru the usual certificate
> acceptance ceremony.
>
> Also the code
> if ($_SERVER['HTTPS'] !== 'on') {
> die("This site is accessible only through a secure connection.");
> }
>
> will prevent access to the site. So it seems that I'm not using SSL even
> tho I'm getting a cert and a padlock.
>
> Can anyone suggest an avenue to approach this?
>
> Thanks,
>
> Ken
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org