Dear all,
I am using Apache Server version: Apache/2.2.3 on Centos 5.4 (Test environment)
On Production Redhat 4 Server version: Apache/2.0.52
I have been looking for a way of:
1 - Prevent browsers with lower encryption to use my site, which I can do with
the two directives below
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
2 - Redirect them to a warning page
<Directory "/">
SSLRequireSSL
SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >= 128)
or %{REQUEST_URI} =~ m:^/errors/:
ErrorDocument 403 /errors/403-ssl.html
</Directory>
When I use IE5 to access the site I get the following error:
Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an
ErrorDocument to handle the request.
--------------------------------------------------------------------------------
Apache/2.2.3 (CentOS) Server at secure01.grant.co.uk Port 443
Bellow is my Virtual Host:
NameVirtualHost 192.168.8.40:443
<VirtualHost 192.168.8.40:443>
Serveradmin [email protected]
DocumentRoot "/var/www/secure"
ServerName secure01.granted.co.uk
ErrorLog logs/secure01-error_log
CustomLog logs/secure01.granted.co.uk-access_log common
SSLEngine on
<Directory "/">
SSLRequireSSL
SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >=
128) or %{REQUEST_URI} =~ m:^/errors/:
ErrorDocument 403 "Your Browser Does not support 128 Bit Encryption"
</Directory>
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /etc/httpd/conf/certs/server.crt
SSLCertificateKeyFile /etc/httpd/conf/certs/server.key
</VirtualHost>
If anyone could help me or point to the right direction, give a clue it would
be very much appreciated.
I have search loads before posting this question here.
Thank you very much in advance
Renato
Renato Oliveira
Systems Administrator
e-mail: [email protected]
Tel: +44 (0)1763 260811
Fax: +44 (0)1763 262410
www.grant.co.uk<http://www.grant.co.uk/>
Grant Instruments (Cambridge) Ltd
Company registered in England, registration number 658133
Registered office address:
29 Station Road,
Shepreth,
CAMBS SG8 6GB
UK
P Please consider the environment before printing this email
CONFIDENTIALITY: The information in this e-mail and any attachments is
confidential. It is intended only for the named recipients(s). If you are not
the named recipient please notify the sender immediately and do not disclose
the contents to another person or take copies.
VIRUSES: The contents of this e-mail or attachment(s) may contain viruses which
could damage your own computer system. Whilst Grant Instruments (Cambridge) Ltd
has taken every reasonable precaution to minimise this risk, we cannot accept
liability for any damage which you sustain as a result of software viruses. You
should therefore carry out your own virus checks before opening the
attachment(s).
OpenXML: For information about the OpenXML file format in use within Grant
Instruments please visit our
website<http://www.grant.co.uk/Support/openxml.html>
