Thanks! You made it very easy to understand. I'm most grateful. I installed mod_ssl (had to, of course), and the SSLEngine, SSLCertificateFile ..., and SSLCertificateKeyFile ... directives are in ssl.conf. If I put the same info in the httpd.conf https virtual host section, won't it bump into the stuff in ssl.conf, causing httpd to complain and fail? If that's the case, and I think it is based on preevious tries, what would the https virtual host section then have to look like? Dimitri On Friday October 07 2005 9:02 am, Axel-Stéphane SMORGRAV wrote: > Sounds like you have a redirect loop. > > What I would do is define one virtual host for http and one for https. The > redirect rule would go inside the http virtual host, and the "business > logic" would go inside the https VH. > > DocumentRoot /var/www/html > ErrorLog logs/error.log > CustomLog logs/access.log combined env=!dontlog > SSLCaCertificatePath ... > SSLRandomSeed startup builtin > SSLRandomSeed connect builtin > > Listen 192.168.1.10:80 > Listen 192.168.1.10:443 > > # Make sure that the contents of this directory can only be read over SSL > <Directory /var/www/html/program> > SSLRequireSSL > </Directory> > > <VirtualHost 192.168.1.10:80> > ServerName mailserver > ... > Redirect /program https://mailserver/program > </VirtualHost> > > <VirtualHost 192.168.1.10:443> > ServerName mailserver > > SSLEngine On > > SSLCertificateFile ... > SSLCertificateKeyFile ... > > # Business logic > > </VirtualHost> > > BR > -ascs > > -----Original Message----- > From: Dimitri Yioulos [mailto:dyioulos@xxxxxxxxxxxxx] > Sent: Friday, October 07, 2005 2:22 PM > To: users@xxxxxxxxxxxxxxxx > Subject: Re: [users@httpd] SSL and directories > > Thanks so much for the reply. I guess I didn't understand the > SSLRequireSSL directive; it's an enforcement directive then. I mistook it > for a redirector (don't ask how I arrived at that conclusion :-(doh) ). > > May I press on? As I previously mentioned, I installed a web mail program > on my mail server, and through its conf file, ahve it SSL-enabled. Users > reach that program by being redirected by our web server (using the > directive "redirect /webmailprog > https://mailserver.mydomain.com/webmailprog";, and it works great. Now, > however, if I add a similar redirector on the mail server to try and see > that http://mailserver/program goes to > https://mailserver/program, I get a complaint that there are too many > redirectors for this http server. Point of story - how can I make sure > that http:// goes to https://? > > For that matter, how can I set up so that any particular directory is > SSL-enabled and http:// is redirected to https://? > > I appreciate your help. > > Dimitri > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|