On Tue, 6 Mar 2001, Martin Kong wrote:
> I have a few pages on a web site that I want to protect with SSL. I
> have changed the links to those pages with fully qualified path, i.e.
> https://www.mysite.com/pagename.html instead of just /pagename.html.
> This all works fine. But onces user is in SSL mode, the whole site will
> be in SSL mode since most of the links are based on document root
> instead of full qualified.
>
> Is there a way I can configure Apache (Apache 1.3.17 on Linux) so that
> it will automatically switch to http when accessing these other pages on
> the site?
The best way to do this is to create virtual hosts (one for port and one
for port 443) and put your secure pages under a different document root
than the unsecure pages so that access can't be mixed up.
Another trick is to use mod_alias (or mod_rewrite) and do automatic
redirections from pages in a certain area to a protected area:
Redirect /Login https://www.mydomain.com/Login
This way you don't need to change the links in your HTML, they will
automatically get redirected, even when they are requested as http:// You
should still organize your pages so that secure pages and non-secure
aren't all in the same directory. It will make your life a lot easier.
These redirects should also be put into a virtual host for port 80:
<virtualhost _default_:80>
Redirect ...
</virtualhost>
-- Brett
http://www.chapelperilous.net/~bmccoy/
------------------------------------------------------------------------
You will be held hostage by a radical group.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
