On Thu, Nov 26, 1998, Surasak Sukhsawas wrote:
> Thank you for your reply mail. I have another question. If I have a host with
> the following info:
>
> IP: 208.1.2.3
> HOSTNAME: myhost.mycompany.com
> CNAME1: news.mycompany.com
> CNAME2: secure.mycompany.com
>
> Then I wanna run https server on this host. How can I set it so that:
>
> 1. browsing to https://208.1.2.3/ won't work AND
> 2. browsing to https://myhost.mycompany.com/ won't work AND
> 3. browsing to https://news.mycompany.com/ won't work AND
> 4. browsing to https://secure.mycompany.com/ will work ?

In other words, only access through the canonical FQDN secure.mycompany.com
should be allowed. There is more than one way to do this in Apache. The
mod_setenvif/mod_auth way can be:

    SetEnvIf Host ^$ access-allowed
    SetEnvIf Host ^secure\.mycompany\.com$ access-allowed
    SetEnvIf Host ^secure\.mycompany\.com:443$ access-allowed
    <Location />
    order deny,allow
    deny from all
    allow from env=access-allowed
    </Location>

The mod_rewrite way can be:

    RewriteEngine on
    RewriteCond %{HTTP_HOST} !=""
    RewriteCond %{HTTP_HOST} !^secure\.mycompany\.com(:443)?$
    RewriteRule ^/.* - [F]

The check for the nonexistent Host header is just to allow old browsers (which
don't send it) access, too. If you don't want this, leave out the SetEnvIf for
^$ or the RewriteCond for "".

Ralf S. Engelschall
www.engelschall.com
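
The following is an added example, not part of the original message: a small Python model of the two rule sets above, run over constructed Host header values to confirm that both variants accept the same names and to show how the anchored, case-sensitive patterns treat near-miss values. The function names are hypothetical, and the model assumes the patterns are applied as case-sensitive regular expressions to the raw Host header, with an absent header matched as the empty string.

```python
import re

# Patterns copied verbatim from the two configurations in the message.
SETENVIF_PATTERNS = [
    r"^$",
    r"^secure\.mycompany\.com$",
    r"^secure\.mycompany\.com:443$",
]
REWRITE_PATTERN = r"^secure\.mycompany\.com(:443)?$"


def setenvif_allows(host, allow_missing_host=True):
    """SetEnvIf model: access-allowed is set if any pattern matches."""
    value = host or ""  # assumption: an absent Host header is matched as ""
    patterns = SETENVIF_PATTERNS if allow_missing_host else SETENVIF_PATTERNS[1:]
    return any(re.search(p, value) for p in patterns)


def rewrite_allows(host, allow_missing_host=True):
    """mod_rewrite model: [F] fires only when every RewriteCond holds."""
    value = host or ""
    conds = [re.search(REWRITE_PATTERN, value) is None]
    if allow_missing_host:
        conds.insert(0, value != "")  # the !="" condition
    return not all(conds)


# Constructed Host header values; None means the header was not sent.
SAMPLES = [
    None,
    "secure.mycompany.com",
    "secure.mycompany.com:443",
    "myhost.mycompany.com",
    "news.mycompany.com",
    "208.1.2.3",
    "SECURE.mycompany.com",          # different case
    "secure.mycompany.com.",         # trailing dot
    "secure.mycompany.com:8443",     # other port
    "secure.mycompany.com.example",  # name used as a prefix only
]


def audit(allow_missing_host=True):
    """Return {host: (setenvif_result, rewrite_result)} for all samples."""
    return {h: (setenvif_allows(h, allow_missing_host),
                rewrite_allows(h, allow_missing_host)) for h in SAMPLES}


if __name__ == "__main__":
    for host, (a, b) in audit().items():
        print(f"{host!r:34} setenvif={a!s:5} rewrite={b}")
```

Calling `audit(allow_missing_host=False)` models the variant with the `^$` and `""` checks left out, as described at the end of the message.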