Re: configuration question

Tue, 19 Aug 2003 07:28:39 -0700

At 02:22 AM 8/19/2003 -0400, you wrote:
On Wed, 20 Aug 2003, Henrik Bentel wrote:

> Now, all my ssl configuration is under my secure virtual host, such that it
> applies to everything. However, I have quite a bit static content(images,
> css, javascript.,...) which doesn't need to be very secure. I somewhat only
> want to secure my dynamic content.

If I understand your question correctly, what you're wanting is to have
some web page that's served up with https, but to have the images on that
page be served by regular http.  You could do that, but every browser I
know of will throw a security warning in that case.  You can't mix secure
and non-secure content in the same document.

Does that answer your question?

Hi

not quite.
I still want everything under https, but I was wondering if there is a way to speed up processing per directory directive but still use https, such as my image -directory.
Currently I have everything for ssl configured in the virtual host and server config. SSL configuration included below.
Certificate is self signed from 1024 bit RSA key.


Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/opt/apache/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex sem
#SSLMutex file:/var/opt/apache/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
ErrorLog /var/log/httpd/secure_error_log
CustomLog /var/log/httpd/secure_access_log common
LogLevel warn

<VirtualHost 192.168.1.1:443>
ServerName 192.168.1.1
DocumentRoot "/opt/mydocRoot"
ErrorLog /var/log/httpd/secure_error_log
TransferLog /var/log/httpd/secure_access_log
LogLevel warn

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /opt/app/conf/mycert.crt
SSLCertificateKeyFile /opt/app/conf/mycert.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
#CustomLog /var/log/httpd/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>



-Henrik Bentel

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to