securing a directory with SSLRequireSSL

[St�phane THIBAUDEAU]

Hi,

I'm using RedHat 5.2, Apache 1.3.6 and mod_ssl 2.2.8-1.3.6

I'd like to protect the directory
"/home/my_project/public_html/intranet/secure_area" with SSL to have it
unreachable using HTTP. But I'd like to provide access to pages in the
directory "/home/my_project/public_html/intranet/unsecure_area" using HTTP
(I don't mind if it's possible to access it with HTTPS or not).

To do that, I wrote a ".htaccess" file in "secure_area" with only
SSLRequireSSL and I declared 2 virtual hosts as you can see below:

<VirtualHost linux-intranet:443>

SSLCACertificatePath /path/to/apache/conf/ssl.crt/
SSLCACertificateFile /path/to/apache/conf/ssl.crt/snakeoil-ca.crt
SSLCertificateFile /path/to/apache/conf/ssl.crt/snakeoil.crt
SSLCertificateKeyFile /path/to/apache/conf/ssl.key/snakeoil.key
SSLVerifyClient 0
SSLVerifyDepth 10
SSLLogFile /tmp/ssl.log
SSLEnable

DocumentRoot "/home/my_project/public_html/intranet"
</VirtualHost>

<VirtualHost linux-intranet:8003>
DocumentRoot "/home/my_project/public_html/intranet"
</VirtualHost>


My problem is that it's still possible to access "secure_area" with HTTP.

What am I missing? Could you give me some advice to do what I want?

Thanks in advance,

St�phane.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]