On May 27, 2012 18:02 , Nataraj <[email protected]> wrote:
I am running apache 2.2 and would like to have the server listen on a
second SSL port. I don't need to use a separate certificate or anything
like that. All I want to be able to do is to rewrite the URL (already
know how to do that), so that a portion of the website gets redirected
to a separate port. This will allow me to use firewall access lists so
that part of the web site is only accessable to specific IP addresses.
If you want to restrict access to parts of the web site, do not use a
firewall: a firewall is the wrong tool for the job, and you will
actually be making things much harder on yourself by trying to do it
that way. Instead, use the access control directives built into Apache
HTTP Server to control which parts of the web site are accessible from
which IP addresses. For Apache HTTP Server 2.2, this is done with the
"Allow" and "Deny" directives. For more details and lots of examples, see
https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
I would like the web server to serve SSL on both ports 443 and 5678, so
the public part of the web site would be accessible on port 443. I
tried editing ssl.conf and adding a second port, but wasn't sure what to
do with the<VirtualHost _default_:443> line.
You will need to duplicate all of the configuration for the port 443 SSL
virtual host in order to set up an additional virtual host on port
5678. This includes:
- A "Listen" directive for port 5678.
- A "VirtualHost" stanza for the second web virtual host (for example,
"<VirtualHost _default_:5678>") that contains a duplicate of all of the
configuration directives that are inside the VirtualHost stanza for port
443. (Note that use "*:443" instead of "_default_:443" in my configs,
but hopefully using _default_ in both VirtualHost stanzas will work for
you; see the documentation for the VirtualHost directive to understand
the difference).
I hope this helps.
--
Mark Montague
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
