Re: Configuration question: SSLRequire(SSL), how to *require* use of SSL
11-Jul-99 22:51 you wrote: > Dear List Members, > We have successfully installed Apache 1.3.6 with openssl 0.9.3a, and mod_ssl > 2.3.3-1.3.6. We are using a httpd.conf file little changed from the one > created by the installation. Having experimented, read the mail list archives, > and read the manual at http://www.modssl.org/, there is still an issue that is > confusing us. We would like to set things up in such a way that documents > can only be accessed via https, and so that if a user references a document > using http, he/she will be redirected to the same document via https. It would > seem that SSLRequire and SSLRequireSSL should allow this, but we can't get > them to work this way. I think what we need are some concrete examples of > their use (the manual really needs examples, not just reference definitions). > Anyone willing to share some experience? You can reply directly by email, > and replies will be summarized and the summary sent back to the list. SSLRequireSSL will prevent your from accidently accessing protected documents via HTTP (instead of HTTPS). That's all. Nothing more. No automatic redirects. If you really need them then you'll need mod_rewrite ... > What we've done for the moment is create a top-level index.html file that > redirects to the actual top-level document, but using a URL with https. > Since we use only relative URLs within the document, as the user cruises > around, everything is done using https. This works, but of course does not > prevent a user from saving a url and accessing it later using http instead > of https. > Thanks in advance for any advice or pointers... You need SSLRequireSSL (just in case: to prevent accessing via HTTP) and redirect via mod_rewrite ... __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Configuration question: SSLRequire(SSL), how to *require* use of SSL
Thanks! This is exactly what I was after Cheerio, Rick Rodgers > From [EMAIL PROTECTED] Mon Jul 12 11:22:43 1999 > From: Yusef Badri <[EMAIL PROTECTED]> > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Subject: RE: Configuration question: SSLRequire(SSL), how to *require* use >of SSL > Date: Mon, 12 Jul 1999 11:40:31 +0100 > MIME-Version: 1.0 > X-Mailer: Internet Mail Service (5.5.2448.0) > Sender: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > X-Sender: Yusef Badri <[EMAIL PROTECTED]> > X-List-Manager: Majordomo [version 1.94.4] > X-List-Name: modssl-users > > Hi, > I've also recently set up an SSL site, whereby I wanted peiple who > accidentally typed in "http://" URLs to be sent to the https site. > It just needed the following virtual host, in addition to the SSL one. > > > ServerName managed-services.equant-web.net > Redirect permanent / https://name-of-ssl-site/ > > > Where host01 is the name of the machine, and the SSL site was on > . > The following directives were needed above the VirtualHost clauses. > > NameVirtualHost host01:80 > NameVirtualHost host02:443 > > > -Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Sent: Monday, July 12, 1999 3:51 AM > > To: [EMAIL PROTECTED] > > Subject: Configuration question: SSLRequire(SSL), how to *require* use > > of SSL > > > > > > Dear List Members, > > > > We have successfully installed Apache 1.3.6 with openssl > > 0.9.3a, and mod_ssl > > 2.3.3-1.3.6. We are using a httpd.conf file little changed > > from the one > > created by the installation. Having experimented, read the > > mail list archives, > > and read the manual at http://www.modssl.org/, there is still > > an issue that is > > confusing us. We would like to set things up in such a way > > that documents > > can only be accessed via https, and so that if a user > > references a document > > using http, he/she will be redirected to the same document > > via https. It would > > seem that SSLRequire and SSLRequireSSL should allow this, but > > we can't get > > them to work this way. I think what we need are some > > concrete examples of > > their use (the manual really needs examples, not just > > reference definitions). > > Anyone willing to share some experience? You can reply > > directly by email, > > and replies will be summarized and the summary sent back to the list. > > > > What we've done for the moment is create a top-level > > index.html file that > > redirects to the actual top-level document, but using a URL > > with https. > > Since we use only relative URLs within the document, as the > > user cruises > > around, everything is done using https. This works, but of > > course does not > > prevent a user from saving a url and accessing it later using > > http instead > > of https. > > > > Thanks in advance for any advice or pointers... > > > > Cheerio, Rick Rodgers > > __ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager[EMAIL PROTECTED] > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Configuration question: SSLRequire(SSL), how to *require* use of SSL
Hi, I've also recently set up an SSL site, whereby I wanted peiple who accidentally typed in "http://" URLs to be sent to the https site. It just needed the following virtual host, in addition to the SSL one. ServerName managed-services.equant-web.net Redirect permanent / https://name-of-ssl-site/ Where host01 is the name of the machine, and the SSL site was on . The following directives were needed above the VirtualHost clauses. NameVirtualHost host01:80 NameVirtualHost host02:443 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 12, 1999 3:51 AM > To: [EMAIL PROTECTED] > Subject: Configuration question: SSLRequire(SSL), how to *require* use > of SSL > > > Dear List Members, > > We have successfully installed Apache 1.3.6 with openssl > 0.9.3a, and mod_ssl > 2.3.3-1.3.6. We are using a httpd.conf file little changed > from the one > created by the installation. Having experimented, read the > mail list archives, > and read the manual at http://www.modssl.org/, there is still > an issue that is > confusing us. We would like to set things up in such a way > that documents > can only be accessed via https, and so that if a user > references a document > using http, he/she will be redirected to the same document > via https. It would > seem that SSLRequire and SSLRequireSSL should allow this, but > we can't get > them to work this way. I think what we need are some > concrete examples of > their use (the manual really needs examples, not just > reference definitions). > Anyone willing to share some experience? You can reply > directly by email, > and replies will be summarized and the summary sent back to the list. > > What we've done for the moment is create a top-level > index.html file that > redirects to the actual top-level document, but using a URL > with https. > Since we use only relative URLs within the document, as the > user cruises > around, everything is done using https. This works, but of > course does not > prevent a user from saving a url and accessing it later using > http instead > of https. > > Thanks in advance for any advice or pointers... > > Cheerio, Rick Rodgers > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Configuration question: SSLRequire(SSL), how to *require* use of SSL
Dear List Members, We have successfully installed Apache 1.3.6 with openssl 0.9.3a, and mod_ssl 2.3.3-1.3.6. We are using a httpd.conf file little changed from the one created by the installation. Having experimented, read the mail list archives, and read the manual at http://www.modssl.org/, there is still an issue that is confusing us. We would like to set things up in such a way that documents can only be accessed via https, and so that if a user references a document using http, he/she will be redirected to the same document via https. It would seem that SSLRequire and SSLRequireSSL should allow this, but we can't get them to work this way. I think what we need are some concrete examples of their use (the manual really needs examples, not just reference definitions). Anyone willing to share some experience? You can reply directly by email, and replies will be summarized and the summary sent back to the list. What we've done for the moment is create a top-level index.html file that redirects to the actual top-level document, but using a URL with https. Since we use only relative URLs within the document, as the user cruises around, everything is done using https. This works, but of course does not prevent a user from saving a url and accessing it later using http instead of https. Thanks in advance for any advice or pointers... Cheerio, Rick Rodgers __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]