Ralf,
Which would be the best way to add SSLRequireSSL for the https enabled
virtual host, using the <LOCATION> directive within the virtualhost
settings, or using <DIRECTORY> for the directories in question?
Rob Bastille
IT Department Manager
WildcatBlue.Com - http://www.wildcatblue.com/
First Computer Solutions, Inc. - http://fcomsolutions.com/
(606) 625-9453 (Voice)
(606) 624-1233 (Fax)
"The soul would have no rainbow had the eyes no tears"
-----Original Message-----
From: Ralf S. Engelschall [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, December 15, 1999 2:09 AM
To: [EMAIL PROTECTED]
Subject: Re: SSLRoot
On Tue, Dec 14, 1999, Blair Lowe wrote:
> I checked the 2.4 manual, and there was only a small bit on this but
> I was not sure if modssl supports this, or not.
>
> What I would like to do is have the ssl root directory different than
> the httpd root directory, whilst running only one apache instance.
>
> I am aware of the DocumentRoot directive for virtual hosts, but will
> this be enough security for the SSL area so that reg. http clients
> can't access this area?
>
> Anyone know if this can be done?
> Is this a bad idea?
No, using a <VirtualHosts> for HTTPS and there a different DocumentRoot is
the
way to go. And as long as you don't have some broken RewriteRule's or other
URL mapping stuff in your HTTP config, no one should be able to fetch the
secure data via HTTP. Additionally you should apply SSLRequireSSL to your
HTTPS DocumentRoot to make sure that really HTTPS is required to access
these
files.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]