The simpler way would be to put into httpd.conf the block
<Directory "/my/directory">
<Limit>
Order deny,allow
Deny from all
</Limit>
</Directory>
In the HTTP section (before the SSL section in the httpd.conf)
and the block
<Directory "/my/directory">
<Limit>
Order deny,allow
Allow from all
</Limit>
</Directory>
within the HTTPS section (within the SSL section of httpd.conf).
You may also need to define "Alias", and to it by "Location",
but try this first.
On Mon, 23 Apr 2001, Sam Newman wrote:
> I have Apache and Tomcat running together under SSL. I now want to create a
> page which only run under SSL. I want http and https to share the same
> documents however. My first idea is to simply have a tag handler, which
> detects the protocol, and if not SSL is simply redirects to a page explaning
> why they cannot view the requested document.
> By problem is that I'm not sure on the correct way to retrieve what type of
> protocol is being used. There is a getAuthType method in HttpServletRequest,
> but the return type is simply a string (e.g. "BASIC" or "SSL"). My concern
> is that this return could vary from browser to browser. Can I assume that if
> using SSL the return will always be the string "SSL"? Also, how can I detect
> which level of encryption is being used? Ideally, I'd like to restrict users
> to connecting using 128bit only, or at least issue a warning when its at
> 40bit.
>
> Thanks in advance,
>
> Sam
>
Jan K. Labanowski | phone: 614-292-9279, FAX: 614-292-7168
Ohio Supercomputer Center | Internet: [EMAIL PROTECTED]
1224 Kinnear Rd, | http://www.ccl.net/chemistry.html
Columbus, OH 43212-1163 | http://www.osc.edu/
