Re: Enabling a single directory as SSL enabled

Mon, 26 Mar 2001 11:11:21 -0800 


--- Scott Brown <[EMAIL PROTECTED]> wrote:
> I'm probably looking for an answer to a FAQ.... tell me where it's
> listed, and I'll take it from there.

lol -- on these lists, a lot of the time. Read back through the
archives.

> I'm from a MS-IIS background - and when I want to make a directory
> secure, it's easy to tell the system via the MMC that /secure/ is to
> have a secure connection requirement.

But not via webserver......

> Is there any way to set Apache up such that it recognizes that a
> specific directory is supposed to be secure?

There are definitely ways, but they require a bit of a hack.

I recently wrote an article for how to do this with mod_perl at
 http://take23.org/articles/2001/03/12/redirect.xml?style=printable
but if you don't have mod_perl installed you could do basically the
same thing with mod_rewrite, I'm pretty sure. (mod_rewrite docs are at
http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html )

It boils down to this: before the web server looks to see which
directory you want, it has already either established a secure protocol
or a nonsecure one. If you have nonsecure accesses redirected
externally to the secure port, you tell the browser to ask using the
right "language" (say please, basically).

Hope that helps.

> I've tried a
> 
> <virtualhost www.mytestdomain.com>
>       ...non-ssl directives
>       <Directory /secure/>
>               SSLEngine on
>               SSLRequireSSL
>               etc..etc.. (including cert/key definitions)
>       </Directory>
> </virtualhost>
> 
> but it's not behaving as I would expect (at very least I would be
> expecting it to complain that my site cert's name doesnt match my
> testdomain's name - but it doesnt)...
> IE5.01 doesnt display the locked symbol - BUT it is saying
> that it has a cert (and no, I've not installed the cert...)
> 
> Is it not possible to have a subdirectory of a domain declared and
> processed as SSL enabled under Apache/modssl/openssl??

no and sort of. See above. ;o)

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to