I don't have the time to investigate this fully in the context of SSL but from a general understanding of how apache combines nested directives like this, I think you might need to change the order of the Location containers. The rules for combining directives are a bit complicated and (I have to say) not entirely well-documented. I think you need to consider the line in sections.html document (look for a link in docs from the <Location> doc):
"... each group is processed in the order that they appear in the configuration files ..." This would imply that apache loads the rule for /upgrade.html then overrides it with the rule for /. I am assuming here that "order" refers to the order in which apache reads data from the config during startup and not the order in which applies directives to incoming requests... Confused? Me too... Rgds, Owen Boyle >-----Original Message----- >From: Jeroen Vriesman [mailto:[EMAIL PROTECTED]] >Sent: Montag, 19. August 2002 12:28 >To: [EMAIL PROTECTED] >Subject: redirecting users part 2 > > >Hi, > >I'm trying to redirect users who don't have enough encryption >capabilities for 128 bit (see previous mail). > >I've tried the following (but it doesn't work): > > >Add upgrade.html (the text users with old browsers are >supposed to get) to index: > >DirectoryIndex index.html index.htm Index.html Index.htm >INDEX.HTML INDEX.HTM upgrade.html > > >Initiallay allow all strengths: > >SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP:+eNULL > >And then: > ><Location /upgrade.html> > SSLRequire %{SSL_CIPHER_USEKEYSIZE} < 128 ></Location> > ><Location /> > SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 ></Location> > >But it doesn't work, any idea why it doesn't work? > >Cheers, >Jeroen. >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
