Re: From https to http and vice versa

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 30, 2009 at 4:15 PM, Alessandro Fantuzzi <fantuzzi@xxxxxxxxx> wrote:
> We have a site running on Apache and Tomcat
> LINUX
> APACHE     2.0.59
> TOMCAT     5.5.20
> JVM    1.5
>
> We have to put some pages under SSL, just some, say:
>
> https://www.site.com/public/subscribe.jsp
> https://www.site.com/public/unsubscribe.jsp
>
> We will install the 128 bit certificate under Apache Http server.
> Path /public contains other pages but we want to put under SSL just the ones
> mentioned before. Is this possible ?
>
> Should we create two Vitrual hosts, one for port 80 and one for 443 ?
>
> How do we force the user using the correct port, should we create rewrite
> rules from one Virtual Host to the other ?
>
> Thanks in advance
[clip]

If you want to serve both SSL and non-SSL, then yes, you need two
different hosts listening on the two ports as you mentioned. This
alone is not enough, of course, just telling apache to listen on 443
does not set up an SSL server, but it is necessary for what you want.

Are you actually adverse to serving other content on SSL? In other
words, if most pages are available on both SSL and non-SSL, is that
okay? If that's the case, you can just serve the same content from
both virtual hosts, but add some RequireSSL directives in a
<FileMatch>, <Location>, or similar tag for the "secure" pages so that
they are only accessible via HTTPS. Creating HTML links to https://...
will suffice for getting the user there.

On a related note, it seems to me that 128 bits is not a remotely
secure key. I can't say for sure, but as I recall, anything under 1024
bits is considered trivial, 2048 or 4096 is better.

Hope that helps.
-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux