On 05/28/2012 10:14 AM, Mark Montague wrote:
> On May 27, 2012 18:02 , Nataraj <incoming-apache@xxxxxxx> wrote:
>> I am running apache 2.2 and would like to have the server listen on a
>> second SSL port. I don't need to use a separate certificate or anything
>> like that. All I want to be able to do is to rewrite the URL (already
>> know how to do that), so that a portion of the website gets redirected
>> to a separate port. This will allow me to use firewall access lists so
>> that part of the web site is only accessible to specific IP addresses.
>
> If you want to restrict access to parts of the web site, do not use a
> firewall: a firewall is the wrong tool for the job, and you will
> actually be making things much harder on yourself by trying to do it
> that way. Instead, use the access control directives built into
> Apache HTTP Server to control which parts of the web site are
> accessible from which IP addresses. For Apache HTTP Server 2.2, this
> is done with the "Allow" and "Deny" directives. For more details and
> lots of examples, see
>
> https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
>
>
>> I would like the web server to serve SSL on both ports 443 and 5678, so
>> the public part of the web site would be accessible on port 443. I
>> tried editing ssl.conf and adding a second port, but wasn't sure what to
>> do with the <VirtualHost _default_:443> line.
>
> You will need to duplicate all of the configuration for the port 443
> SSL virtual host in order to set up an additional virtual host on port
> 5678. This includes:
>
> - A "Listen" directive for port 5678.
>
> - A "VirtualHost" stanza for the second web virtual host (for example,
> "<VirtualHost _default_:5678>") that contains a duplicate of all of
> the configuration directives that are inside the VirtualHost stanza
> for port 443.
> (Note that I use "*:443" instead of "_default_:443" in my
> configs, but hopefully using _default_ in both VirtualHost stanzas
> will work for you; see the documentation for the VirtualHost directive
> to understand the difference).
>

Thank you for the pointer. I use fwknop to allow secure remote access,
so it needs to be done outside of apache. I was able to do it without
duplicating the virtualhost section like this:

<VirtualHost _default_:443 _default_:5678>

Nataraj
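
The shared virtual host from the reply above, written out as an added example that is not part of the original thread. The certificate paths, DocumentRoot and the /private prefix are placeholders. Because one virtual host answers on both ports, the restricted path would also be served on 443 unless the redirect is conditioned on the port, so the firewall rule for 5678 only protects that content when the rewrite is in place.

```apache
# Added example for Apache HTTP Server 2.2; paths and /private are placeholders.

# One Listen directive per port (both directives from the thread).
Listen 443
Listen 5678

# A single stanza bound to both ports, as in the reply, so the SSL
# settings are not duplicated.
<VirtualHost _default_:443 _default_:5678>
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    DocumentRoot /path/to/htdocs

    RewriteEngine On

    # Requests for the restricted area that arrive on any port other
    # than 5678 are redirected there and never served locally.
    # Access to 5678 itself is then controlled outside Apache
    # (firewall rules opened by fwknop in the poster's setup).
    RewriteCond %{SERVER_PORT} !^5678$
    RewriteRule ^/private(/|$) https://%{SERVER_NAME}:5678%{REQUEST_URI} [R=302,L]
</VirtualHost>
```

Running `apachectl configtest` after the change checks the syntax before a restart.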