On Wed, Nov 17, 1999, Stefan H. Holek wrote:
> > I want to force only https to certain directories,
> > so following the example in Chapter 5 [last example],
> > <Directory /usr/local/apache/htdocs/secure>
> > RewriteEngine on
> > RewriteCond %{HTTPS} !=on
> > RewriteRule .* - [forbidden]
> > </Directory>
> >
> > still allows both http and https.
>
> I am experiencing a (somehow, possibly) related
> problem. I cannot make the following work
>
> <Directory /blah1>
> SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> </Directory>
>
> However, this *does* work:
>
> <Directory /blah2>
> SSLRequire %{SSL_CIPHER} !~ m/^(EXP|NULL)-/
> </Directory>
>
> Using some CGIs at the proper locations I was
> able to verify the environment.
> SSL_CIPHER_USEKEYSIZE *is* 40 when I am using an
> export browser! Still, not "forbidden".
>
> Setup:
> Apache-1.3.9 + mod_ssl-2.4.8-1.3.9/OpenSSL-0.9.4 + php-3.0.12
>
> Ideas?
Hmmm... today I've less time (because today is my birthday ;), so I cannot
immediately check why it doesn't work for you. But this request ("I want to
force HTTPS for a particular directory") is one which often occurs, so we
should check this and perhaps even add an entry to the FAQ or the HowTo
section of the user manual. I'll look at this at the weekend.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
