RE: [users@httpd] Virtual Hosting and SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] Virtual Hosting and SSL
From: Sri <gsridhar78@xxxxxxxxx>
Date: Wed, 21 Dec 2005 06:46:40 -0800 (PST)
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxx
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxxxx
Delivered-to: mailing list users@xxxxxxxxxxxxxxxx
In-reply-to: <FDD5D99066749040AF9098A720E9897701451AA4@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Mailing-list: contact users-help@xxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: users@xxxxxxxxxxxxxxxx

check this link for very good articles

www.debianhelp.co.uk/webserver.htm

thanks

Boyle Owen <Owen.Boyle@xxxxxxx> wrote:

> -----Original Message-----
> From: Jerry Baker [mailto:jerry@xxxxxxxxxxxx]
>
> I guess another way of putting it is, I am looking to see if it is
> possible to just tell Apache that anything on port 443 is to
> be treated
> as SSL and anything on port 80 is to be treated as normal
> HTTP? It seems
> awkward and clumsy to have to have two virtual hosts for every real
> virtual host just to include SSL.

First, the lecture:

"...just to include SSL." is your wrongthink.

SSL (or to be more accurate, HTTPS) is an additi onal layer on top of HTTP so it is like it is a different protocol. Therefore your question is a bit like, "Do I have to install Sendmail, just to include SMTP?"

For HTTPS to work, it needs a unique TCP/IP socket on which to begin the HTTPS negotiation. That is conventionally port 443. Happily, apache (using mod_ssl) can be configured to handle an HTTPS session, but it requires a virtual host to be configured to handle the requests once they are decrypted. This VH then includes all the SSL directives (eg, SSLEngine on) so it can't be used for plain HTTP.

I think the underlying problem is that you want a site that automatically works in HTTP or HTTPS with identical content under each. I'm sure you have your reasons, but have you thought through exactly why you want this? SSL is used to protect data when it's on the public part of the route between the client and server. This would either be private data submitted by the client (eg, credit card number) or sent by the server (eg, personal user data held on a server). Why would you want these resources also available under plain HTTP? If people used the HTTP URLs, the data would not be protected. It's a bit like phoning your bank up and asking them to send you some money and, depending on the number you call, they either send it round in an armoured car or post it in the mail in a see-through envelope.

Second, a possible solution:

Having said all that, you might be able to construct a suitably complicated boolean _expression_ which you can use in SSLRequire to switch on and off SSL on a per-request basis (see http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslrequire). Alternatively, you can keep the two VHs but put the common directives in an included file (see http://httpd.apache.org/docs/2.0/mod/core.html#include).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

>
> --
> Jerry Baker
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.

This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxx g
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

References:
- RE: [users@httpd] Virtual Hosting and SSL
  - From: Boyle Owen

Prev by Date: RE: [users@httpd] favicon
Next by Date: Re: [users@httpd] Handling apache dynamic configuration updates to httpd.conf.
Previous by thread: Re: [users@httpd] Virtual Hosting and SSL
Next by thread: RE: [users@httpd] Virtual Hosting and SSL
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]