Hello,
I am trying to get apache+mod_ssl to check hosts before starting the SSL. The basic setup is the main site is not SSL enabled but a portion of it is, this portion is restricted by hostname and uses SSL. Here is what I have for the config:
<Location /private>
order deny,allow
deny from all
allow from private.com
<IfDefine SSL>
SSLCipherSuite HIGH:MEDIUM
SSLRequireSSL
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
</IfDefine>
</Location>
I would like to have it simply deny them before starting the SSL process. What happens now is they go through the SSL process of accepting our cert then they are denied, our ca is not recognized by the browsers which makes this even more of a pain for folks that do not have access to that area. Is there anyway to have it simply deny them first before starting the process?
As a quick fix I simply did a location called /hold placed the allow,deny directive there with a quick redirect page but this seems extreme when I would think there must be a better way.
Last question is there anyway to setup a special error page for this type of config. Right now it goes to the system default one we created, I would like to have one for "your hosts is not authorized" and one for "your browser does not support 128bit" is this possible?
Thanks
James Simmons
