apache SSL help

Craig White craigwhite at azapple.com
Tue Oct 17 10:02:39 MST 2006


On Tue, 2006-10-17 at 11:30 -0500, alex at crackpot.org wrote:
> Quoting Craig White <craigwhite at azapple.com>:
> 
> > On Tue, 2006-10-17 at 10:56 -0500, alex at crackpot.org wrote:
> >> Quoting alex at crackpot.org:
> >>
> >> > You need 2 virtual hosts.  One for normal http, and the other for
> >> > https.  I just wrote these samples off the top of my head, so you
> >> > might need to check the syntax in the docs, but this setup will work.
> >> >
> >> > NameVirtualHost 0.0.0.0
> >> >
> >> > <VirtualHost 0.0.0.0:80>
> >> >    ServerName cms.tobyhouse.com
> >> >    Redirect / https://cms.tobyhouse.com/
> >> > </VirtualHost>
> >> >
> >> > <VirtualHost 0.0.0.0:443>
> >> >    ServerName cms.tobyhouse.com
> >> >    SSLRequireSSL
> >> >    # other directives
> >> > </VirtualHost>
> >>
> >> Sorry, Craig, I should have read your post a little closer.
> >> SSLRequireSSL need to be in a <Directory> like you have it, not in the
> >> <VirtualHost>.  How to relax the SSLRequireSSL in a subdirectory?  I
> >> don't know that one, but I'll keep looking.
> > ----
> > actually, the killer seems to be the Redirect Permanent /drupal line
> > because even if I just do a 'wget
> > http://localhost/drupal/modules/civicrm/extern/soap.php' the Redirect is
> > in play and it shifts automatically to an https request
> >
> 
> If you'd like to redirect all requests to https, except that  
> directory, I think you can use RedirectMatch, and write a regexp to  
> exclude the /drupal directory.
> http://httpd.apache.org/docs/2.0/mod/mod_alias.html#redirectmatch
> 
> Does that sound useful?
----
In the sense that the only thing this server is doing is serving drupal
and it is the one I want to ensure is using SSL, no.

What I am trying to accomplish is to require SSL on everything but one
specific URL.

With the Redirect Permanent /drupal line commented out

and the <Directory>/drupal SSLRequireSSL</Directory> commented out, life
is good but then of course, I don't ensure that I have that people are
using SSL and it's entirely possible for them to login and use their
network credentials without encryption.

Craig



More information about the PLUG-discuss mailing list