Actually, IMHO, it's a better approach (and more visually appealing) to just create
a Non-Secure virtual host pointing to another directory with a single index file displaying
a message and an https link or a <META> header forcing a redirect.  Remember, many people don't
type "http" in their browser and a lot of people don't even know about "https".

<virtualhost 1.2.3.4:80>
   DocumentRoot /web/fakesite
</virtualhost>
<virtualhost 1.2.3.4:443>
   DocumentRoot /web/realsite
</virtualhost>

Seems better to me than posting some "mod_ssl" 403 error.

JDb

seph wrote:
I frobbed a good deal more. I determined that:

If SSLEngine on is set in a VirtualHost and there's no mod-rewrite, then apache
does not accept http requests.

However, if mod-rewrite is proxying internally, then apache accepts
both http and https. I'm not really sure why. Is this a bug?

the end result was that I did:

# allow only https requests
RewriteCond %{HTTPS} ^on$
RewriteRule /(.*) http://localhost:8888/%{SSL_CLIENT_S_DN_Email} [P]
# otherwise forbid
RewriteRule /.* / [F]

and that http clients get a 403 saying:
You don't have permission to access /mod_ssl:error:HTTP-request on this server.

seph

Reference:

seph <[EMAIL PROTECTED]> writes:

I'm trying to create a virtual server that listens on a given port,
then proxies to another. I'm doing this using rewrite. it works
well. However, I'd like only ssl clients to be able to access this
virtual server. As it stands apache allows both http and https
methods. As RequireSSL isn't allowed, I'm not sure how to do
this. anyone know?

from my apache config:

listen 8988
<VirtualHost 10.0.0.24:8988>
ServerAdmin [EMAIL PROTECTED]

SSLEngine on
SSLCertificateFile /etc/apache/ssl.pem/div.auctionflow.com.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLVerifyClient require
SSLVerifyDepth 5

SSLCACertificateFile /etc/apache/ca.crt

RewriteEngine On
RewriteRule /(.*) http://10.0.0.24:8888/%{SSL_CLIENT_S_DN_Email} [P]

</VirtualHost>


seph
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
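
Added example (not part of the original messages): a small check to run against your own server that sends one plaintext GET to the vhost port and reports whether the reply was a rejection, a bounce to https, or content served without TLS, the three outcomes discussed in this thread. The function names, category labels and sample replies are constructed for illustration.

```python
import re
import socket

# Constructed sample replies to a plaintext GET (not captured from a real server).
SAMPLES = {
    "mod_ssl_403": b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
                   b"You don't have permission to access /mod_ssl:error:HTTP-request on this server.",
    "stub_meta": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 b'<html><head><META HTTP-EQUIV="refresh" CONTENT="0; URL=https://www.example.com/"></head></html>',
    "redirect_https": b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/\r\n\r\n",
    "proxied_backend": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>backend page</html>",
    "not_http": b"\x15\x03\x01\x00\x02\x02\x0a",
}

META_HTTPS = re.compile(rb'<meta[^>]+http-equiv=["\']?refresh[^>]+url=\s*https://', re.I)
LOCATION_HTTPS = re.compile(rb"^location:\s*https://", re.I | re.M)

def classify_plain_http_response(raw: bytes) -> str:
    """Return 'rejected', 'redirected' or 'plaintext-allowed' for a raw reply."""
    if not raw.startswith(b"HTTP/"):
        return "rejected"                  # empty reply, reset, or non-HTTP bytes
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n")[0].split(None, 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return "rejected"
    status = int(parts[1])
    if status >= 400:
        return "rejected"
    if status >= 300:
        return "redirected" if LOCATION_HTTPS.search(head) else "plaintext-allowed"
    # 2xx: acceptable only when the body is a stub that bounces to https
    return "redirected" if META_HTTPS.search(body) else "plaintext-allowed"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send one plaintext GET to host:port and classify whatever comes back."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        try:
            while len(data) < 65536 and (chunk := s.recv(4096)):
                data += chunk
        except OSError:                    # timeout or reset counts as no reply
            pass
    return classify_plain_http_response(data)

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify_plain_http_response(raw)}")
```

A stub page that carries only a message and an https link, with no redirect, is reported as plaintext-allowed and needs a manual look to confirm nothing but the stub is reachable.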