On Thu, 2 Mar 2000, Karl Denninger wrote:
> The syntax suggested in the apache.conf.default file doesn't appear to work
> - I'm sure I'm doing something stupid, and would appreciate a snipped from a
> config file that does the job.
>
> Basically, I want to lock down certain CGI programs so they CANNOT be
> executed unless the session is encrypted. I don't mind rejecting the
> request (re-writing it to https: from http: is not really what I'm after;
> I'd prefer to just bounce it)
Well, what I did was create a separate web root and separate cgi-bin for
the SSL virtual host. I can't imagine why that wouldn't work, since that
virtual host only runs on port 443:
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/usr/local/apache/ssldocs"
ServerName ssl.pil.net
ErrorLog logs/error_log
TransferLog logs/access_log
ScriptAlias /cgi-bin/ "/usr/local/apache/ssl-cgi-bin/"
<snip>
James Smallacombe PlantageNet, Inc. CEO and Janitor
[EMAIL PROTECTED] http://3.am
=========================================================================
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
