Apache: secure access

Mon, 01 Oct 2001 13:31:11 -0700 

Hi,
I'm looking to allow only secure access to webcal (a web-based calendar) from 
the internet. I also want to allow non-secure access to other web pages serverd 
by the webserver. I think I understand how to fdo this, but I don't know for sure.

I've read an SSL How-To at linuxdoc.org regarding creating a secure webserver 
with RedHat, http://linuxdoc.org/HOWTO/SSL-RedHat-HOWTO.html, and followed most 
of the instructions for creating a .key and a .crt file. The step I'm stumbling 
on is configuring the webserver.

The document provides a sample virtual host config for httpd.conf as follows:
<VirtualHost 172.18.116.42:443>
           DocumentRoot /etc/httpd/htdocs
           ServerName www.somewhere.com
           ServerAdmin [EMAIL PROTECTED]
           ErrorLog /etc/httpd/logs/error_log
           TransferLog /etc/httpd/logs/access_log
           SSLEngine on
           SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
           SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
           SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
           <Files ~ "\.(cgi|shtml)$">
                 SSLOptions +StdEnvVars
           </Files>
           <Directory "/etc/httpd/cgi-bin">
                 SSLOptions +StdEnvVars
           </Directory>
           SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
           CustomLog /etc/httpd/logs/ssl_request_log \
                     "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

But doesn't this make the entire web site a secure host, or would it be just 
cgi scripts and shtml pages? How would I set this up so that only webcal 
requires a secure connection? How do I set it up so that Webcal will NOT accept 
an insecure connection? Do I configure that in the <Files> and <Directory> 
sections? Like this...
           <Files ~ "\.(cgi|shtml)$">
                 SSLOptions +StdEnvVars
           </Files>
           <Directory "/etc/httpd/cgi-bin/webcal">
                 SSLOptions +StdEnvVars
           </Directory>

Would that require connections to <IP address>/cgi-bin/webcal/webcal.cgi be 
secure? I THINK that's what it does, but I wanted to run it by folks who've 
done this sort of thing before.

As always, any help is appreciated and thanks for listening.

Tim

_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc 
->http://linux.nf/mailman/listinfo/linux-users

Reply via email to