[Httpd Wiki] Update of "RedirectSSL" by sjorge

Tue, 10 Jul 2007 11:55:19 -0700 

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change 
notification.

The following page has been changed by sjorge:
http://wiki.apache.org/httpd/RedirectSSL

The comment on the change is:
removed confusing SSLRequire stuff

------------------------------------------------------------------------------
  
  ----
  
- 
- 
- 
- === SSL Redirect Method (doesn't require mod_rewrite!) ===
- [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#ssloptions SSLOptions 
+StrictRequire] forces forbidden access (403) when `SSLRequireSSL` or 
`SSLRequire` decide access should be forbidden. Usually where a 
[http://httpd.apache.org/docs/trunk/mod/mod_access_compat.html#satisfy Satisfy 
Any] directive is used, this denial of access is overridden.  For strict access 
restriction you can use `SSLRequireSSL` and/or `SSLRequire` in combination with 
an `SSLOptions +StrictRequire` Then an additional `Satisfy Any` has no chance 
once [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html mod_ssl] has decided 
to deny access.
- 
- [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslrequiressl 
SSLRequireSSL] forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for 
the current connection.[[BR]]
- [http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslrequire SSLRequire] 
forbids access unless HTTP_HOST matches your SSL certificate ''(in this case, 
the certificate is for `example.com` not `www.example.com`)''.
- 
- If either of those 2 checks fail (403), then the 
[http://httpd.apache.org/docs/trunk/mod/core.html#errordocument ErrorDocument] 
directive uses a `302` to redirect the browser to `https://example.com`.
- {{{
-    SSLOptions +StrictRequire
-    SSLRequireSSL
-    SSLRequire %{HTTP_HOST} eq "example.com"
-    ErrorDocument 403 https://example.com
- }}}
- '''Note:''' Checking for the correct HTTP_HOST fixes the problem with Basic 
Authentication asking for the username/password twice, and also fixes security 
errors about your SSL certificate.
- 
- 
  === Alternative to above method (doesn't require mod_ssl!) ===
  {{{
     RewriteCond %{HTTPS} !=on

Reply via email to