On 7/17/07, Robert Granvin <Robert.Granvin@xxxxxxxxxxxxxx> wrote:
Standard web site is at "http://foo.site.com/..."; while the secure URL is at "https://secure.site.com/foo/...";
So you can't use the same document root for both hosts? If you need different content, except for some folders, simply use the Alias directive in httpd.conf. Alias /images "/var/www/foo/images" or something.
(Basically, make sure that local references such as "/images/blah.gif" become "/foo/images/blah.gif" and hard URLs embed the site reference into it... The user will connect to "https://secure.site.com/foo";, but I need to extract the "foo" to use in the other URLs.)
I'd use a symbolic link for that. So, on the server, if it's linux/unix:
# ln -s /foo/images /images
or whatever you need for that. To use Rewrite for that is overkill.
If you would like httpS to 'appear' only for secure.site.com,
do something like this in httpd.conf:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName site.com
DocumentRoot /var/www/site.com_doc-root
ServerAlias *.site.com
# this ^^ catches mistyped hostnames, like "ww.site.com"
# and "wwww.site.com", and limits traffic
# by having all calls go to one hostname..
RewriteEngine on
RewriteCond %{HTTP_HOST} ^secure\.site\.com
RewriteRule ^/(.*)$ https://secure.site.com/$1 [R,L]
RewriteCond $1 =secure
RewriteRule ^/(.*)$ https://secure.site.com/ [R,L]
# this all forces the "secure.site.com" requests to go over SSL.
RewriteCond %{HTTP_HOST} !^site.com(:80)?$
RewriteRule ^/(.*) http://site.com/$1 [L,R]
RewriteOptions inherit
</VirtualHost>
and then this - for example - in ssl.conf:
<VirtualHost _default_:443>
DocumentRoot /var/www/secure.site.com_doc-root
ServerName secure.site.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCACertificatePath /etc/httpd/conf/ssl.crt
<Files ~ "\.(cgi|shtml|phtml|pl|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/secure.site.com_doc-root">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
--
# Julius B. Thyssen
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|