Re: How to restrict a portion of web site to ONLY https?

Wed, 20 Sep 2000 00:54:14 -0700 

** Reply to note from "Don Smith" <[EMAIL PROTECTED]> Thu, 14 Sep 2000 10:42:14 -0700
>   
> Hi all, new to this ssl thing. I am pretty familiar with regular Apache,
> but this ssl stuff is greek to  me, but I'm getting it slowly! :-) Tried
> Apache-ssl and got it working, wasn't very easy. So, here I am with Apache
> with mod-ssl, much easier to config, etc! :-) OK, here's my question. I
> would like to restrict a portion of our web site to ONLY allow https 
> connections, NOT http. And have the rest of the site to ONLY allow http,
> NOT https. Currently I can get to everywhere with both http and https on
> my test system. I apologize if this question has been asked before, I did
> search the modssl  site, Deja, etc. I'm guessing I have to use Virtual
> Host in some way? Thanks Don

You are already using <VirtualHost>.  At least the SSL enabled side of the
site is defined in one.

What to do:

Create a new directory in the directory that contains your existing
DocumentRoot directory.  Maybe call it securedocs.

Move all of the site you want to be secured into that directory.  

NOTE: all images refered to by the secured pages must be sent from the
secured directory.  It is an error to include non-secured content in a
secured page and all you will get is broken images.  You can use a symlink
to duplicate an images directory like this:   ln -s ../htdocs/images images
assuming your current DocumentRoot is named htdocs, and you are currently in
the securedocs directory.  FollowSymlinks or SymlinksIfOwnerMatch must be
enabled in Options of your httpd.conf.

Edit your httpd.conf, or whatever config file contains the secured
<VIrtualHost> definition, and make its DocumentRoot point to the securedocs
directory.

You might also want to add a <Directory> block that points at the securedocs
directory that includes the  SSLRequiteSSL directive to insure the contents
of the directory are not sent without SSL.

Restart Apache.




Rick Widmer
Internet Marketing Specialists
http://www.developersdesk.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to