Posted to users@httpd.apache.org by Jeff Field <jf...@aaaq.com> on 2002/03/09 00:21:04 UTC

require SSL on a cgi file problem

Okay, I've exhausted a lot of time on this already...hoping for an easy
answer...

I have a plain vanilla Apache setup on RH 7.2, no virtual domains, just the
main/default server, and SSL enabled.  Here's the problem:

I want to require SSL for *all* resources available under this default
server.  The way I did it was to add (in httpd.conf) SSLRequireSSL to the
root directory as follows:

<Directory />
    Options FollowSymLinks
    AllowOverride None
    SSLRequireSSL
</Directory>

So far I can't get to anything without using https://, except one thing.  I
have in a subdirectory of the cgi-bin directory a script that I *can* access
without SSL.  The subdirectory looks like this:

/usr/local/apache/cgi-bin/subname

And, in the subname directory I have a script we'll call cgiscript.cgi.  One
thing more; this subdirectory is enabled to restrict access, so, I have an
.htaccess file the contents of which look like this (without the dashed
lines, and with a real file path to the password file and AuthName):

--------------------
AuthType Basic
AuthUserFile /usr/local/apache/path/to/password/file
AuthName blabla
require valid-user
satisfy any
--------------------

Now, if I go to:

http://www.mydomain.com/cgi-bin/subname/cgiscript.cgi (notice the http, not
https)

it throws up the user name/password dialog box, I put in my user name and
password, and then I am able to access the script and the script works for
me just fine.  The problem is that it doesn't require me to use SSL.
Anyway...

I've tried adding SSLRequireSSL to the cgi-bin directory in httpd.conf.
Also tried the same in the .htaccess file.  The weird thing is that I have
another almost identical script one level above this directory (in the
cgi-bin directory) that I cannot access without SSL; which is correct.

I'm getting totally frustrated.  Any ideas, anyone?  BTW, I'm a relatively
new Apache user but I've read books, FAQs, etc. etc., so please take it easy
on me if this all really boils down to something stupidly simple.

Thanks!

Jeff
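
The symptom above fits mod_ssl's documented behaviour: under `Satisfy any`, a successful login overrides the denial from `SSLRequireSSL` unless `SSLOptions +StrictRequire` is set. The following is an added example, not part of the original post and not a reply from the list; it reuses the post's placeholder paths and assumes mod_ssl is loaded, as the post states.

```apache
# --- As posted: /usr/local/apache/cgi-bin/subname/.htaccess ---
# "Satisfy any" lets the request through when EITHER the access-phase
# checks OR authentication succeed. SSLRequireSSL (inherited from
# <Directory />) is an access-phase denial, so a valid user name and
# password sent over plain http:// overrides it.
AuthType Basic
AuthUserFile /usr/local/apache/path/to/password/file
AuthName blabla
require valid-user
satisfy any

# --- Corrected, option 1: same .htaccess, both checks must pass ---
# "Satisfy all" is the default, so deleting the "satisfy any" line has
# the same effect. SSL is then required in addition to the login.
AuthType Basic
AuthUserFile /usr/local/apache/path/to/password/file
AuthName blabla
Require valid-user
Satisfy all

# --- Corrected, option 2: httpd.conf, keep "satisfy any" in .htaccess ---
# StrictRequire makes the SSLRequireSSL denial final even when
# "Satisfy any" is in effect and authentication has succeeded.
# Placing it in httpd.conf avoids depending on AllowOverride settings.
<Directory /usr/local/apache/cgi-bin/subname>
    SSLOptions +StrictRequire
    SSLRequireSSL
</Directory>
```

With either correction in place, a request to the http:// URL should be refused with 403 Forbidden before any password prompt is accepted as sufficient, so Basic credentials are only usable over https://.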

