You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Christopher Griesel <ch...@tradek.com> on 2001/12/04 16:18:51 UTC
ErrorDocument for SSLRequire ?
Hi, we have an mod_ssl secured site, it works great.
I've now enabled the SSLRequire directive, but when someone connects via
non-https, how Do I serve an customised error document?
I've tried ErrorDocument inside the <directory> tags which have SSRequire
and inside <virtualhost>
Also the logfile doesn't report a error number.
Tnx.
C.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: ErrorDocument for SSLRequire ?
Posted by Owen Boyle <ob...@bourse.ch>.
Christopher Griesel wrote:
>
> Hi, we have an mod_ssl secured site, it works great.
> I've now enabled the SSLRequire directive, but when someone connects via
> non-https, how Do I serve an customised error document?
> I've tried ErrorDocument inside the <directory> tags which have SSRequire
> and inside <virtualhost>
> Also the logfile doesn't report a error number.
Depending on your overall config, there are a couple of ways to do this.
Be careful though, you imply that there is access to an SSL area via
plain HTTP - therefore your SSL area is a sub-directory of a plain HTTP
DocumentRoot. This works but I would find a site like this difficult and
risky to maintain.
If you simply must do it like this, in the plain HTTP section (which
must encapsulate your SSL directory) put a Redirect or a RedirectMatch
to your warning page, e.g.
<Directory /home/site/html/ssl-stuff>
RedirectMatch (.*) http://your-server/warning-page.html
</Directory>
Otherwise, you might consider re-arranging your site to separate the SSL
and non-SSL content as you would for different VirtualHosts so you have
two parallel, non-nested docroots, e.g. /home/site/html and
/home/site/ssl. Then there is no crossover and no need for error docs
since there is no path to the SSL site via HTTP. Note that SSL sites are
supposed to be reached via a live link from a plain HTTP page so there
should be no way someone should use http to connect (any more than they
should try to connect via FTP).
rgds,
Owen Boyle
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org