n Tue, Feb 16, 2010 at 9:50 AM, Renato Oliveira
<renato.oliveira@xxxxxxxxxxx> wrote:
> Dear all,
>
>
>
> I am using Apache Server version: Apache/2.2.3 on Centos 5.4 (Test
> environment)
>
> On Production Redhat 4 Server version: Apache/2.0.52
>
>
>
> I have been looking for a way of:
>
> 1 – Prevent browsers with lower encryption to use my site, which I can do
> with the two directives below
>
> SSLProtocol all -SSLv2
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
>
>
> 2 – Redirect them to a warning page
>
> <Directory "/">
>
> SSLRequireSSL
>
> SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >=
> 128) or %{REQUEST_URI} =~ m:^/errors/:
>
> ErrorDocument 403 /errors/403-ssl.html
>
> </Directory>
>
>
>
> When I use IE5 to access the site I get the following error:
>
>
>
> Forbidden
>
> You don't have permission to access / on this server.
>
>
>
> Additionally, a 403 Forbidden error was encountered while trying to use an
> ErrorDocument to handle the request.
Don't protect the directory with your ErrorDocuments if you know the
SSL connection is already forbidden.
--
Eric Covener
covener@xxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|