11-Jul-99 22:51 you wrote:
> Dear List Members,
> We have successfully installed Apache 1.3.6 with openssl 0.9.3a, and mod_ssl
> 2.3.3-1.3.6. We are using a httpd.conf file little changed from the one
> created by the installation. Having experimented, read the mail list archives,
> and read the manual at http://www.modssl.org/, there is still an issue that is
> confusing us. We would like to set things up in such a way that documents
> can only be accessed via https, and so that if a user references a document
> using http, he/she will be redirected to the same document via https. It would
> seem that SSLRequire and SSLRequireSSL should allow this, but we can't get
> them to work this way. I think what we need are some concrete examples of
> their use (the manual really needs examples, not just reference definitions).
> Anyone willing to share some experience? You can reply directly by email,
> and replies will be summarized and the summary sent back to the list.
SSLRequireSSL will prevent your from accidently accessing protected documents
via HTTP (instead of HTTPS). That's all. Nothing more. No automatic redirects.
If you really need them then you'll need mod_rewrite ...
> What we've done for the moment is create a top-level index.html file that
> redirects to the actual top-level document, but using a URL with https.
> Since we use only relative URLs within the document, as the user cruises
> around, everything is done using https. This works, but of course does not
> prevent a user from saving a url and accessing it later using http instead
> of https.
> Thanks in advance for any advice or pointers...
You need SSLRequireSSL (just in case: to prevent accessing via HTTP) and
redirect via mod_rewrite ...
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
