Hi folks,

I asked this question a couple of weeks ago, but got no responses,
so I thought I might try again:

I get a syntax error from "httpd -t" (or "apachectl configtest") when
I use SSLRequireSSL inside a <Directory>, like this:

<Directory /some/secure/directory>
    SSLRequireSSL
</Directory>

<VirtualHost some.ip.add.ress:8443>
    ServerName my.server.name
    DocumentRoot /some/secure/directory
    SSLEngine on
    SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
    {etc.}
</VirtualHost>

(I'm using Apache/1.3.11, OpenSSL/0.9.4, mod_ssl/2.5.0 on Solaris/2.6)

On the other hand, I can start apache (apachectl startssl), and it runs.
If I try to access http://my.server.name:8443/, I get a "Forbidden, You
don't have permission to access /mod_ssl:error:HTTP-request on this
server." (a strange error message, which makes me think something is
wrong).  I can only access this particular virtual host with https://
So... other than that strange error message, it all seems to work
correctly.

According to the Reference manual, the context of SSLRequireSSL is
"directory, .htaccess".  Should this be causing a syntax error?  It's
preventing me from being able to do a restart with apachectl.

I was using SSLRequireSSL on that directory to "defend against
configuration errors that expose stuff that should be protected"
[modssl ref manual].

I saw a similar thread in the archives, back in August 1999, where
Cliff Woolley suggested using Alias+Location rather than Directory,
and putting the whole thing inside the VirtualHost.  But this doesn't
stop me from (unintentionally) allowing non-SSL access to this directory
from some other VirtualHost.

Help!

---
Patrick Robinson
CALS & 229 Distance Education, Virginia Tech
[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
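
Added example, not part of the original post and not mod_ssl code: a Python check for the concern raised above, that some other VirtualHost might serve the protected directory without SSL. It runs over a constructed config (the port-80 virtual host and its paths are made up for illustration) and reports each VirtualHost lacking "SSLEngine on" whose DocumentRoot or Alias target overlaps the protected directory; the main server outside any VirtualHost and Include'd files are not examined.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the first vhost mirrors the post; the second is a
# hypothetical plain-HTTP vhost whose Alias reaches into the protected tree.
SAMPLE_CONF = """
<Directory /some/secure/directory>
    SSLRequireSSL
</Directory>
<VirtualHost some.ip.add.ress:8443>
    DocumentRoot /some/secure/directory
    SSLEngine on
</VirtualHost>
<VirtualHost some.ip.add.ress:80>
    DocumentRoot /var/www/public
    Alias /reports /some/secure/directory/reports
</VirtualHost>
"""

def overlaps(served, protected):
    """True if served is protected, lies inside it, or is a parent of it."""
    s, p = PurePosixPath(served), PurePosixPath(protected)
    return s == p or p in s.parents or s in p.parents

def find_plain_exposures(conf, protected):
    """Return (vhost address, served path) pairs for vhosts without SSLEngine on."""
    findings, vhost, ssl_on, paths = [], None, False, []
    for raw in conf.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # skip blank lines and comments
        opened = re.match(r"<VirtualHost\s+([^>]+)>", raw.strip(), re.I)
        name = words[0].lower()
        if opened:
            vhost, ssl_on, paths = opened.group(1).strip(), False, []
        elif name == "</virtualhost>" and vhost is not None:
            if not ssl_on:
                findings += [(vhost, p) for p in paths if overlaps(p, protected)]
            vhost = None
        elif vhost is not None and len(words) > 1:
            if name == "sslengine":
                ssl_on = words[1].lower() == "on"
            elif name == "documentroot":
                paths.append(words[1].strip('"'))
            elif name in ("alias", "scriptalias") and len(words) > 2:
                paths.append(words[2].strip('"'))
    return findings

if __name__ == "__main__":
    for addr, path in find_plain_exposures(SAMPLE_CONF, "/some/secure/directory"):
        print(f"non-SSL vhost {addr} serves {path}")
```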
