On Sun, Aug 12, 2001 at 05:24:36PM -0400, Tony Nelson wrote:
> I've been through the documentation and FAQ several times.. and I'm very
> close to having my server set up the way I want, but not quite.. and it
> should be pretty simple.
>
> I have a simple apache server w/ a subdirectory that I want to ensure is
> only accessed via SSL.
>
> if a user attempts to access
>
> http://foo/bar
>
> I'd like them automagically redirected to
>
> https://foo/bar
Have you got two vhosts - one that runs plain HTTP on port 80 and one
that runs SSL on port 443?
Then it could be as simple as:
RedirectMatch ^/bar/(.*)$ https://foo/bar/$1
>
> Subsequent to the redirection, I need the users to be authenticated..
> simple basic authentication is fine..
Then just turn on authentication in that dir on the SSL vhost - it works
exactly as under a plain HTTP vhost.
>
> I've been through every combination I can think of, between doing it all in
> httpd.conf, or part in httpd.conf and part in .htaccess or all of it in
> .htaccess. I've gone from every result from no access to anything, to
> full access to everything, and just about everything in between.
>
> Here is my current httpd.conf particulars..
>
> <Directory "/usr/local/apache/htdocs/acid">
> AllowOverride All
>
> # If HTTPS is used, make sure a strong cipher is used.
> # Additionally allow client certs as alternative to basic auth.
> # SSLVerifyClient optional
> # SSLVerifyDepth 1
> # SSLOptions +FakeBasicAuth +StrictRequire
> # SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
>
> # Force clients from the Internet to use HTTPS
> RewriteEngine on
> RewriteCond %{HTTPS} !=on
> RewriteRule .* - [F]
> # RewriteRule (.*) https://itwatch.starpoint.com/acid [R]
>
> # Allow Network Access and/or Basic Auth
> # Satisfy any
>
> # Network Access Control
> # Order deny,allow
> # Deny from all
> # Allow 192.168.1.0/24
> # HTTP Basic Authentication
> AuthType basic
> AuthName "Starpoint ACID"
> AuthUserFile /usr/local/apache/etc/users
> Require valid-user
>
> </Directory>
>
You're mixing up the two vhosts - just to repeat: do you have a separate
SSL vhost?
>
> I'm not sure what the SSL* options are used for, but any time I uncomment
> any of them my server won't start, complaining as follows:
>
> [root@itwatch conf]# ../bin/apachectl configtest
> Syntax error on line 364 of /usr/local/apache/conf/httpd.conf:
> Invalid command 'SSLVerifyClient', perhaps mis-spelled or defined by a
> module not included in the server configuration
>
Looks like your server doesn't support SSL. Check to see if it is compiled
in with: /path/to/apache/bin/httpd -l
Does it list mod_ssl? or if it lists mod_so - do you have the LoadModule
and AddModule directives for mod_ssl?
vh
Mads Toftum
--
With a rubber duck, one's never alone.
-- "The Hitchhiker's Guide to the Galaxy"
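
The two-vhost layout discussed in this thread, written out as an added example (not part of either poster's message or configuration). The hostname and directory paths are the ones quoted above; the `*:80`/`*:443` vhost addresses and the certificate paths are assumptions, and the SSL vhost only loads if mod_ssl is available.

```apache
# Added example. Paths and hostname come from the thread;
# certificate locations below are placeholders.

# Plain HTTP vhost: /acid is never served or authenticated here, only
# redirected, so Basic auth credentials are never requested in cleartext.
<VirtualHost *:80>
    ServerName itwatch.starpoint.com
    DocumentRoot /usr/local/apache/htdocs

    # Matches /acid, /acid/ and anything below it, keeping the rest of the path.
    RedirectMatch ^/acid(/.*)?$ https://itwatch.starpoint.com/acid$1
</VirtualHost>

# SSL vhost: needs mod_ssl compiled in, or loaded via LoadModule/AddModule.
<VirtualHost *:443>
    ServerName itwatch.starpoint.com
    DocumentRoot /usr/local/apache/htdocs

    SSLEngine on
    # Placeholder paths: substitute the real certificate and key.
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    <Directory "/usr/local/apache/htdocs/acid">
        # Deny any request for this directory that did not arrive over SSL,
        # even if a later config change exposes it on another vhost.
        SSLRequireSSL

        # HTTP Basic authentication, same directives as on a plain vhost.
        AuthType Basic
        AuthName "Starpoint ACID"
        AuthUserFile /usr/local/apache/etc/users
        Require valid-user
    </Directory>
</VirtualHost>
```

Running `apachectl configtest` after the change confirms whether the `SSL*` directives are recognised before the server is restarted.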