On Tue, 15 Sep 2015 18:12:24 -0400, . wrote:
>
> I am a novice website admin, running Apache 2.4.7 on an Ubuntu box. I
> want to be able to serve a subset of my website as http (port 80), even
> though the overall site is on https (port 443). I managed to convert it
> all to https this summer by providing links in
> /etc/apache2/sites-enabled/ to sites-available/default-ssl.conf and
> sites-available/http-redirect.conf. The redirect just permanently
> redirects everything to use https.
>
> I tried adding another VirtualHost for port 80, with a DocumentRoot
> pointed at my "freely-available" subdirectory. That seemed to work, but
> the problem is that if somebody just browses to that subdirectory, they
> get a directory listing that includes a hyperlink to the parent
> directory. By clicking on that hyperlink, they can escape into the rest
> of the website using http instead of https.
>
> I suspect there's a "proper" way to do this, but I don't know what it
> is. Any help, or pointers, would be appreciated.

    $ cat index.html
    <!DOCTYPE HTML><HTML><HEAD></HEAD>
    <BODY BGCOLOR="#CC0033"></BODY></HTML>

I put that in every sub-directory that I do not ever want folks poking
around in. /images , /scripts , /includes , /temp ... whatever.

Additionally, each sensitive directory's .htaccess could include:

    Options -Indexes

But, Murphy's Law tells us that someday a critical .htaccess will get
bollixed.

In your httpd.conf you can remove the "Indexes" option from the likes of:

    Options Includes Indexes FollowSymLinks MultiViews

That'll do it globally.

But, Murphy's Law tells us that someday the httpd.conf will get
bollixed.

So, I also put

    <!DOCTYPE HTML><HTML><HEAD></HEAD>
    <BODY BGCOLOR="#CC0033"></BODY></HTML>

in every sub-directory that I do not ever want folks poking around in.

Too bad you don't have access to Google in your section of the internet.
Jonesy
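
An added example, not part of the original message: a small audit that walks a DocumentRoot and reports every directory that would still produce an auto-generated listing, checking both layers described above (an index.html placeholder and an Options line in .htaccess). It assumes DirectoryIndex is index.html, that AllowOverride lets .htaccess set Options, and that the server-wide Indexes state is passed in by the caller; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

INDEX_NAMES = ("index.html",)  # assumption: matches the server's DirectoryIndex

def indexes_from_htaccess(path, inherited):
    """Apply the Options lines of one .htaccess to the inherited Indexes state."""
    state = inherited
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            words = line.split()
            if not words or words[0].lower() != "options":
                continue
            opts = [w.lower() for w in words[1:]]
            if "-indexes" in opts:
                state = False
            elif "+indexes" in opts or "indexes" in opts or "all" in opts:
                state = True
            elif opts and not any(o[0] in "+-" for o in opts):
                state = False  # an unsigned list replaces the inherited options
    return state

def listable_dirs(docroot, server_indexes=True):
    """Return directories (relative to docroot) that would show a listing."""
    docroot = os.path.abspath(docroot)
    exposed, state = [], {}
    for cur, dirs, files in os.walk(docroot):
        dirs.sort()  # deterministic order
        parent = state.get(os.path.dirname(cur), server_indexes)
        on = parent
        if ".htaccess" in files:
            on = indexes_from_htaccess(os.path.join(cur, ".htaccess"), parent)
        state[cur] = on  # subdirectories inherit this value
        if on and not any(name in files for name in INDEX_NAMES):
            exposed.append(os.path.relpath(cur, docroot))
    return exposed

def demo():
    """Constructed tree: images/ has a placeholder, scripts/ has .htaccess, temp/ has neither."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("images", "scripts", "temp"):
            os.mkdir(os.path.join(root, d))
        for f in ("index.html", os.path.join("images", "index.html")):
            open(os.path.join(root, f), "w").close()
        with open(os.path.join(root, "scripts", ".htaccess"), "w") as fh:
            fh.write("Options -Indexes\n")
        # First result: Indexes enabled server-wide; second: removed globally.
        return listable_dirs(root, True), listable_dirs(root, False)

if __name__ == "__main__":
    print(demo())
```

Running it from cron against the real DocumentRoot catches the case where a placeholder or .htaccess has gone missing before a visitor does.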