I use an unsecured Virtual Host on my HTTP side and redirect all requests to
HTTPS using a "Redirect seeother".

-----Original Message-----
From: CJ Kucera [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 05, 2002 7:01 AM
To: [EMAIL PROTECTED]
Subject: Respond only to SSL requests?


Hello, list . . .

I've got a website that uses Apache, mod_ssl and HTTP authentication.
Apache only listens on one port, and the only protocol I want to support
on it is HTTPS.  This is almost working okay: Apache won't serve up any
pages if the client is using ordinary HTTP.  It just gives a "Bad Request"
response.

However, because I'm using HTTP authentication, Apache still
challenges the browser even if it's trying to use HTTP, which means that
if someone mistypes the URL (typing http://host:port/ instead of
https://host:port/), the password will be sent over the internet without
encryption.  Granted, Apache won't actually serve up any PAGES once
the user's authenticated over HTTP (it'll just throw the "Bad Request"
message), but I'd rather that the passwords couldn't be sent that way
at all.

Is there any way to get Apache to completely disregard any regular HTTP
traffic?  I'm running Apache 1.3.24 and mod_ssl 2.8.8.

Thanks much in advance, and apologies for the badly-worded request.  My
communication skills seem to be severely malfunctioning this morning.  :)

-CJ
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
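
The redirect setup described in the reply at the top of this thread, as an added configuration example that is not part of the original messages. The host name, ports and file paths are assumed placeholders. It covers clients that reach the plain HTTP port; it does not change what Apache does when plain HTTP is sent to the SSL port itself.

```apache
# Added example. www.example.com, the ports and all paths are placeholders.
Listen 80
Listen 443

# Plain HTTP side: no authentication directives here, so the browser is
# never challenged for credentials over an unencrypted connection.
# Every request is answered with a 303 pointing at the HTTPS site.
<VirtualHost _default_:80>
    ServerName www.example.com
    Redirect seeother / https://www.example.com/
</VirtualHost>

# HTTPS side: the only place where HTTP authentication is configured.
<VirtualHost _default_:443>
    ServerName www.example.com
    DocumentRoot /var/www/secure

    SSLEngine on
    SSLCertificateFile    /etc/apache/ssl/server.crt
    SSLCertificateKeyFile /etc/apache/ssl/server.key

    <Directory /var/www/secure>
        # Refuse access unless the request arrived over SSL, so a later
        # configuration mistake cannot expose this directory over HTTP.
        SSLRequireSSL

        AuthType Basic
        AuthName "Restricted"
        AuthUserFile /etc/apache/htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
```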