[EMAIL PROTECTED] wrote: 

> Actually, IMHO, it's a better approach (and more visually appealing)
> to just create a Non-Secure virtual host pointing to another
> directory with a single index file displaying a message and an https
> link or a <META> header forcing a redirect.  Remember, many people
> don't type "http" in their browser and a lot of people don't even
> know about "https".
>
> 
> <virtualhost 1.2.3.4:80>
>    DocumentRoot /web/fakesite
> </virtualhost>
> <virtualhost 1.2.3.4:443>
>    DocumentRoot /web/realsite
> </virtualhost>

this does not address any of my problems. As I said originally I'm
trying to create a virtual server that listens on a given port, and
does a local proxy to another.

> Seems better to me than to post some "mod_ssl" 403 error.

yes, it's an ugly error. but the clients are not users or web
browsers, and it appears the only real way to get the behavior I want,
so I'll live with it.

seph

> seph wrote:
> 
> > I frobbed a good deal more. I determined that:
> > 
> > If SSLEngine is on in a VirtualHost and there's no mod-rewrite, then apache
> > does not accept http requests.
> > 
> > However, if mod-rewrite is proxying internally, then apache accepts
> > both http and https. I'm not really sure why. is this a bug?
> > 
> > the end result was that I did:
> > 
> > # allow only https requests
> > RewriteCond %{HTTPS} ^on$ 
> > RewriteRule /(.*) http://localhost:8888/%{SSL_CLIENT_S_DN_Email} [P]
> > # otherwise forbid
> > RewriteRule /.*  / [F]
> > 
> > and that http clients get a 403 saying:
> > You don't have permission to access /mod_ssl:error:HTTP-request on this server.
> > 
> > seph
> > 
> > Reference:
> > 
> > seph <[EMAIL PROTECTED]> writes:
> > 
> >> I'm trying to create a virtual server that listens on a given port,
> >> then proxies to another. I'm doing this using rewrite. it works
> >> well. However, I'd like only ssl clients to be able to access this
> >> virtual server. As it stands apache allows both http and https
> >> methods. As RequireSSL isn't allowed, I'm not sure how to do
> >> this. anyone know?
> >> 
> >> from my apache config:
> >> 
> >> listen 8988
> >> <VirtualHost 10.0.0.24:8988>
> >>   ServerAdmin [EMAIL PROTECTED]
> >> 
> >>   SSLEngine on
> >>   SSLCertificateFile /etc/apache/ssl.pem/div.auctionflow.com.pem
> >>   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> >>   SSLVerifyClient require
> >>   SSLVerifyDepth 5   
> >> 
> >>   SSLCACertificateFile /etc/apache/ca.crt
> >> 
> >>   RewriteEngine On   
> >>   RewriteRule /(.*) http://10.0.0.24:8888/%{SSL_CLIENT_S_DN_Email} [P]
> >> 
> >> </VirtualHost>
> >> 
> >> 
> >> seph
> >> ______________________________________________________________________
> >> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >> User Support Mailing List                      [EMAIL PROTECTED]
> >> Automated List Manager                            [EMAIL PROTECTED]

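A check for the behaviour discussed in this thread, added here as an example and not code from any of the posters: it sends one cleartext HTTP request to a listener that should be TLS-only and reports whether the request was refused or served. The function names and sample replies are constructed for illustration, and counting a 400 as a refusal alongside the thread's 403 is an assumption about other mod_ssl setups.

```python
import socket

# Constructed sample replies (not captured traffic). The 403 body text is the
# message quoted in the thread above.
SAMPLES = {
    "forbidden": b"HTTP/1.1 403 Forbidden\r\n\r\nYou don't have permission to "
                 b"access /mod_ssl:error:HTTP-request on this server.",
    "proxied": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nbackend",
    "redirect": b"HTTP/1.1 302 Found\r\nLocation: https://host.example/\r\n\r\n",
    "alert": b"\x15\x03\x01\x00\x02\x02\x0a",
    "dropped": b"",
}

def classify_plaintext_reply(raw: bytes) -> str:
    """Say what a TLS listener did with a cleartext HTTP request."""
    if not raw:
        return "closed"      # connection dropped, nothing served
    if raw[:1] == b"\x15":
        return "tls-alert"   # TLS alert record: server only speaks TLS
    fields = raw.split(b"\r\n", 1)[0].split()
    if len(fields) < 2 or not fields[0].startswith(b"HTTP/") or not fields[1].isdigit():
        return "unknown"
    status = int(fields[1])
    if status in (400, 403):
        return "refused"     # the outcome wanted in the thread
    if 300 <= status < 400:
        return "redirect"
    return "served"          # cleartext request was handled: the problem case

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send one cleartext HTTP request to host:port and classify the reply."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        try:
            while chunk := conn.recv(4096):
                chunks.append(chunk)
        except (socket.timeout, ConnectionResetError):
            pass             # keep whatever arrived before the cut-off
    return classify_plaintext_reply(b"".join(chunks))

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {classify_plaintext_reply(raw)}")
```

Run `probe()` against the SSL virtual host's address and port after each configuration change; a result of "served" means cleartext requests are still reaching the proxy rule.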