Configuration question: SSLRequire(SSL), how to *require* use of SSL

[R. P. Channing Rodgers, M.D.]

Dear List Members,

We have successfully installed Apache 1.3.6 with openssl 0.9.3a, and mod_ssl
2.3.3-1.3.6.  We are using a httpd.conf file little changed from the one
created by the installation.  Having experimented, read the mail list archives,
and read the manual at http://www.modssl.org/, there is still an issue that is
confusing us.  We would like to set things up in such a way that documents
can only be accessed via https, and so that if a user references a document
using http, he/she will be redirected to the same document via https.  It would
seem that SSLRequire and SSLRequireSSL should allow this, but we can't get
them to work this way.  I think what we need are some concrete examples of
their use (the manual really needs examples, not just reference definitions).
Anyone willing to share some experience?  You can reply directly by email,
and replies will be summarized and the summary sent back to the list.

What we've done for the moment is create a top-level index.html file that
redirects to the actual top-level document, but using a URL with https.
Since we use only relative URLs within the document, as the user cruises
around, everything is done using https.  This works, but of course does not
prevent a user from saving a url and accessing it later using http instead
of https.

Thanks in advance for any advice or pointers...

Cheerio, Rick Rodgers
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]