Re: Need some SSL help please.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, 08 Aug 2009 01:59:34 +0000, Mike -- EMAIL IGNORED wrote:

> On Fri, 07 Aug 2009 20:46:35 -0400, Josh Gooding wrote:
> 
>> Mike,
>> 
>> If it was up to me, I wouldn't use a Windows based server either,
>> however, what the client bought is what I had to use.  KWIM? I can't
>> block DNS on this server due to it having a .com tied to it. I looked
>> this afternoon and no dice.  I can look into it more in depth on the
>> httpd site.  What a perplexing thing I'm trying to do.
>> 
>> - Josh
>> 
> [...]
> 
> I think the Rewrite example I gave is like:
>     Require valid-user
> 
> I still do not see the way but note:
>    1 . I think t is possible to construct a directory tree where
>        the root uses SSL but the others do not.
>    2.  Maybe non-SSL directories can be made to reject in there
>        is no valid user, but not with a login request.
>    3.  The root directory would respond with the normal login.
> This is how I would start. It places a restriction on the user to first
> access the root directory.
> 
> FWIW, this is all I can think of now.  It might require the use of
> environment variables. (See Apache "Access Control").
> 
> This is an interesting problem but after this post, I go on travel and
> will have little or no Internet access for a week. I will look back when
> I return, hoping to see what was finally done.
> 
> Mike.
> 

One additional but important point.  When things slowed substantially
after adding SSL to part of my tree, everything slowed, even the parts
that were not doing SSL at all.  Again, the slowness was caused by the
DNS, not the encryption.  This was verified with WireShark.

Long ago I learned that it is often cheaper to buy another piece
of hardware, than to solve a subtle problem with software.  In
this case, a Linux box wherein you could easily block DNS is probably
the cheapest and most user-friendly solution.

Bedtime at -0400.

HTH.
Mike.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux