Here is the fix for those who are interested.

Under your virtual host put RewriteEngine On
Under the directory put

SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
Options FollowSymLinks
RewriteEngine   On
RewriteBase     /
RewriteRule     (^servlet/.*$)  http://localhost:8888/$1 [P]

etc.  Note that the RewriteRule does not have the first / and the
destination has the / at the end. This is because of RewriteBase.  I have
found that if you do not put RewriteBase under the <Directory> then all
Rewrite rules are ignored.

With this, Apache will generate a 403 error if the browser doesn't support
128-bit keys.  The last gotcha is the ErrorDocument.  You must put a full URL
on this:

e.g. ErrorDocument 403 http://[hostname]/errors/403.html. If you don't, Apache
will send back a redirect of https://[hostname]/errors/403.html and any
relative URLs in the page will have https on them, which will cause another
403 and lead into an infinite loop.

Regards
Mike

-----Original Message-----
From: Bray, Mike [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 1:40 PM
To: '[EMAIL PROTECTED]'
Subject: Rewrite and SSLRequire


I am trying to force 128 bit encryption and send back a friendly page if the
test fails.  I have implemented the use of SSLRequire testing the key size.
This works fine if you reference an html file.  Putting
https://localhost/index.html from an export level browser forces a 403
error.  I have an ErrorDocument 403 specified.  The problem comes with .jsp
files.  We are using the Oracle OC4J (Orion) Java containers and have a
Rewrite rule for .jsp and servlets, i.e:

RewriteRule       (^/servlet/.*$)       http://localhost:8888$1 [P]
RewriteRule     (^.*jsp.*$)     http://localhost:8888$1 [P]
RewriteRule     (^.*jsp[?\/].*$)        http://localhost:8888$1 [P] 

If you reference https://localhost/index.jsp from an export-level Netscape
Navigator, the 403 error page is displayed.  If you do the same from an
export-level Microsoft IE, the .jsp page is displayed without the images.

On further investigation I have found that the Rewrite rule is being used
before the SSLRequire and therefore sends the request to OC4J.  I have tried
to put the RewriteRule in the same <Directory> statement as the SSLRequire
and added Options FollowSymLinks as specified, but the RewriteRule is
ignored.

Does anyone know of a way around this?

Any help appreciated.

Regards
Mike Bray
Siemens Business Services
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
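
The ordering problem discussed in this thread can be checked for mechanically. The following is an added example, not part of the original messages: it flags proxying RewriteRules left in server or virtual-host context when the configuration relies on SSLRequire inside a <Directory>. The function name, the <VirtualHost> wrapper and the /var/www/html path are assumptions made for the constructed samples.

```python
import re

# Constructed samples: the per-server rules from the question (WEAK) and the
# per-directory form from the reply (FIXED). Wrapper and path are assumptions.
WEAK = """
<VirtualHost _default_:443>
RewriteEngine On
RewriteRule (^/servlet/.*$) http://localhost:8888$1 [P]
RewriteRule (^.*jsp.*$) http://localhost:8888$1 [P]
<Directory "/var/www/html">
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
</Directory>
</VirtualHost>
"""
FIXED = """
<VirtualHost _default_:443>
RewriteEngine On
<Directory "/var/www/html">
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
Options FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule (^servlet/.*$) http://localhost:8888/$1 [P]
</Directory>
</VirtualHost>
"""

OPEN = re.compile(r"^<(\w+)[\s>]")
CLOSE = re.compile(r"^</(\w+)>")
# RewriteRule whose flag list contains P or proxy (but not PT and the like).
RULE = re.compile(
    r"(?i)^RewriteRule\s.*\[(?:[^\]]*,)?\s*(?:P|proxy)\s*(?:,[^\]]*)?\]\s*$")

def proxy_rules_outside_directory(conf):
    """Return (line_no, text) for each RewriteRule [P] in server/vhost context
    when SSLRequire is used inside a <Directory>: such rules send the request
    to the backend before the per-directory SSLRequire is evaluated."""
    stack, hits, guarded = [], [], False
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            del stack[-1:]                      # leave the innermost container
        elif m := OPEN.match(line):
            stack.append(m.group(1).lower())    # enter <VirtualHost>, <Directory>, ...
        elif line.lower().startswith("sslrequire ") and "directory" in stack:
            guarded = True
        elif RULE.match(line) and "directory" not in stack:
            hits.append((no, line))
    return hits if guarded else []
```
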