On Sunday 03 January 2010 13:48:09 Eric Covener wrote: > On Sun, Jan 3, 2010 at 1:24 PM, Daniel D Jones <ddjones@xxxxxxxxxxxxxxxx> wrote: > > I want this alias to take affect only under the SSL virtual host > > > > I could, of course, move the Alias and associated configs under the > > <VirtualHost> section of 000-default, but that rather defeats the purpose > > of having split config files. Thanks for the assist. > If you don't want to put the alias in the proper context (your own SSL > VirtualHost), you can configure it globally and redirect to SSL in a > <Directory> container: > http://wiki.apache.org/httpd/RedirectSSL Given: Alias /blah /usr/share/blah I was able to redirect by putting Redirect permanent /blah https://www.mydomain.com/blah in the global section of 000-default. (That is, it's under <VirtualHost *> but not under a <Directory> container.) My first attempt was: Redirect permanent /usr/share/blah https://www.mydomain.com/blah Specifying the full path did not work. This seems a bit inconsistent, since redirects under the DocumentRoot specify the full path, including the path to the DocumentRoot. This is acceptable but I'd prefer to just block access from http rather than redirect. Neither of the following two approaches, placed under the default <VirtualHost *>, worked: <Directory /blah> AllowOverride None Order deny,allow Deny from all </Directory> <Directory /usr/share/blah> AllowOverride None Order deny,allow Deny from all </Directory> But the following: <Directory /var/www/ssl> AllowOverride None Order deny,allow Deny from all </Directory> where /var/www is the document root, does get denied from http. > Split config files allow the packager to maintain a subset of your > config files, and allow other packages to drop config files into place > without editing existing files, but there's little cause for adding > directives out of context to keep them tidy in some filesystem layout > that Apache doesn't care about. The conf.d file was installed by a package, and I'd prefer not to remove it if possible so that future updates to the package won't be confused. I also think split config files are easier to edit and maintain by hand but that's just a matter of personal preference. Out of curiosity, what are the advantages/disadvantages of using an alias to redirect and simply creating a file link to the appropriate directory under DocumentRoot? If I simply created a link /var/www/blah pointing to /usr/share/blah, then I could use a <Directory> container to block access, as is done with the /var/www/ssl directory above. I suspect that there are security implications but it isn't clear to me what they are. Thanks again for your time and effort. -- "The most glorious moments in your life are not the so-called days of success, but rather those days when out of dejection and despair you feel rise in you a challenge to life, and the promise of future accomplishments." - Gustave Flaubert --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx