RE: Securing directories

Robert Lagana Fri, 08 Nov 2002 11:57:13 -0800

Title: RE: Securing directories

Thank you very much Paul.

Regards,
Robert

-----Original Message-----
From: Paul Bleimeyer [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 08, 2002 2:45 PM
To: '[EMAIL PROTECTED]'
Subject: Re: Securing directories

Rob,

You might want to use a restricted realm setup and use the
authnname and setup a number of users to control the access.
Part I: Restricting access.
Using a authorization file on the folder in question is also
possible, but if your users create subfolders, then they will
be prompted to reauthenticate as they traverse the subfolders.

Using the Authusername might be easier.

Part II: Secure vs. unsecure connections:
If you have both 80 and 443 bound to each of these
virtual websites, then users will be able to connect on each
port. Inserting the access controls mentioned at the top will
work across both. If you want to insure that users are not able
to open this connection via 80, then do not include this
port in your listen statements in http.conf.

There are many different ways to deal with this. See the following
for more details.

Binding ports and the listen option:
http://httpd.apache.org/docs-2.0/bind.html

Authentication overview.
http://httpd.apache.org/docs-2.0/howto/auth.html

Users via a password file:
http://httpd.apache.org/docs-2.0/howto/auth.html#gettingitworking

Users via a groups file:
http://httpd.apache.org/docs-2.0/howto/auth.html#lettingmorethanonepersonin

On Fri, 8 Nov 2002, Robert Lagana wrote:

> Hello,
i>
> Using mod_ssl .. on Apache .. I would like to secure two directories..
>
> https://www.domain.com/homedir <https://www.domain.com/homedir>
>
> https://www.domain.com/homedir2 <https://www.domain.com/homedir2>
>
> Now if user go to http://www.domain.com <http://www.domain.com> will users
> get a pop up saying that SSL is required?
>
> Is this just a matter of having Port 80 and Port 443 enabled?
>
> Do I set these directories up as virtual hosts?
>
> Is there a link someone can provided that explains this?
>
> Thanks,
> Rob
>
>
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

RE: Securing directories

Reply via email to