Tony, Thanks for the info, that's what I have tried at first too. The problem with SSLRequireSSL is that it absolutely requires calls to use https (which is good), but rejects any non-https calls and redirects you to default Apache error pages instead.
Knowing that, however, I added couple entries to the .htaccess file in that directory to redirect visitors to the correct URLs, using https, instead of sending them to the Apache error pages. This way http calls get redirected to https (that's error 403), and explicit calls to non-existing files get redirected as well to https://correctURL. Did the last one just to stop snoopers from poking and looking for any specific files. Works great! Here's what the end result looks like: ErrorDocument 400 https://www.domain.com/secret ErrorDocument 403 https://www.domain.com/secret <IfModule mod_ssl.c> SSLRequireSSL </IfModule> Chris ----- Original Message ----- From: "Anthony E. Greene" <[EMAIL PROTECTED]> Sent: Thursday, April 03, 2003 7:24 PM Subject: Re: Force SSL-only within a folder > On 03-Apr-2003/16:55 -0800, Chris <[EMAIL PROTECTED]> wrote: > >Does anyone know of a simple way (maybe using .htaccess?) to force all > >files within a directory to be accessed only with secure https protocol > >(Red Hat 7.2 + Apache)? Ie: even if someone overwrites the URL with > >http, have it automatically redirect to the same URL but with https > >prefix...? > > This is from my personal archive of useful redhat-list messages, courtesy > of Alexey Fadyushin <[EMAIL PROTECTED]>: > > *********************************************************************** > The directive SSLRequireSSL forbids access unless HTTPS is used for the > connection. > > You should use directive 'SSLRequireSSL' in your httpd.conf file among > the configuration directives for the directory with your webpages. > Also, you can use that directive in the .htaccess file in the directory > with your webpages. > *********************************************************************** > > Tony -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
