You have to deny access where it is allowed, and you are doing the opposite.
Put your denials outside the SSL virtual block.
E.g,, before your <VirtualHost _default_:443>
put
<Directory "D:/dev/public_html/Login">
Order Deny,Allow
Deny from All
</Directory>
Jan
[EMAIL PROTECTED]
On Thu, 8 Mar 2001, Brett W. McCoy wrote:
> I am using Apache + mod_ssl with Tomcat, and can't seem to get certain
> directives to work with Tomcat files.
>
> I have something like this:
>
> <Directory "D:/dev/public_html/Login">
> SSLRequireSSL
> </Directory>
>
> in my httpd.conf, within the 443 virtual host , but acessing the URL in
> question without https:// still works, which it shouldn't. It should be
> denying access to non-SSL enabled connections and only allowing encrypted
> connections.
>
> I have mod_jk.conf included before all of my SSL stuff, but this doesn't
> seem to matter. Even putting my JKMount directives inside the virtual
> host section doesn't make a difference, non-SSL connections are still
> going through and not being denied. Is there something in Tomcat I also
> need to configure?
>
> I should point out that I am not enabling SSL for the entire site, just
> specific directories and files within the site.
>
> -- Brett
> http://www.chapelperilous.net/~bmccoy/
> ------------------------------------------------------------------------
> I don't do it for the money.
> -- Donald Trump, Art of the Deal
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>
Jan K. Labanowski | phone: 614-292-9279, FAX: 614-292-7168
Ohio Supercomputer Center | Internet: [EMAIL PROTECTED]
1224 Kinnear Rd, | http://www.ccl.net/chemistry.html
Columbus, OH 43212-1163 | http://www.osc.edu/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
