Don Smith wrote:
> I would like to restrict a portion of our web site to ONLY allow https
> connections, NOT http.
> And have the rest of the site to ONLY allow http, NOT https.
> Currently I can get to everywhere with both http and https on my test system.
Here's my tuppence-worth:
You have to clearly separate the HTTP and SSL hosts and ports. Use
Listen with the IP address and define the port number in the Virtualhost
directive. Carefully check that you do not unwittingly allow HTTP access
to the SSL area. E.g.
Listen 192.168.1.1:80
<VirtualHost 192.168.1.1:80>
DocumentRoot /path/to/http/area
...etc
</VirtualHost>
Listen 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
DocumentRoot /path/to/ssl/area
SSLEngine on
...etc
</VirtualHost>
Notes:
- in this example the Listen directives are not really required but
included for clarity (you may be using different ports).
- it is the port number in the VH directive which really blocks HTTP to
the SSL host and vice-versa.
- make sure that the SSL area is not in a sub-directory of the HTTP
DocRoot (or you could still find your way to it via HTTP).
Lotsa Luck,
OWen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
