>
> How do I restrict access on a mod_ssl server in certain
> directories to ONLY
> SSL encrypted sessions?
>
Hi,
0. I'm using still running Apache/1.3.6 (Win32) ApacheJServ/1.0
mod_ssl/2.3.3 OpenSSL/0.9.3a therefore I'm not on the latest infos.
1. Be sure not to define a normal alias with the secure dirs.
(Because I use apache as a service on NT, where there is no possibility
AFAK to enter a pwd, I let it automatically start and read the certs.)
in http.conf and restart your apache -
##
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
Listen 443
Listen 80
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCertificateFile "C:/tools/Apache Group/Apache/server.crt"
SSLCertificateKeyFile "C:/tools/Apache Group/Apache/server.key"
SSLLog "C:/tools/Apache Group/Apache/logs/ssl.log"
SSLLogLevel warn
SSLSessionCache "dbm:C:/tools/Apache Group/Apache/logs/ssl_gcache_data"
<VirtualHost _default_:443>
Alias /number "C:/number"
Alias /mpr "C:/servlets_test"
Alias /download "C:/Download"
SSLEngine on
</VirtualHost>
2. This is my entry for the servlets, I've never tested it for cgi, but
it works fine on jserv, but I dont know if its the "right" way.
<Location /servlets>
SSLRequireSSL
</Location>
tom
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
