|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
September 10th, 2000, 02:32 PM
|
|||
|
|||
|
Sorry if this has been covered...
I have my ssl pointed at a certian directory and it works fine. I would like to deny http requests to this directory. I have tried to use a directory contaner in the httpd.conf file with deny from all statment, like; this is abreveated <directory /www/someplace/secure:80 deny from all <directory> with no success. is there a simple way to do this? maybe with a rewrite rule? Thanks in advance I am using a linux machine with apache 1.3.12+mod-ssl+mysql+php4.02 etc... Slim
|
|
#2
September 10th, 2000, 04:23 PM
|
|||
|
|||
|
Is there an entrance page before getting into that directory?
>>is there a simple way to do this? No. >>maybe with a rewrite rule? Yup. So what is the full dir path to both SSL and non-SSL? How about both in URLs?
|
|
#3
September 11th, 2000, 12:46 AM
|
|||
|
|||
|
Thanks for the response,
The standard apache ssl index file is there. I could remove the index, in which case they would recive a no permission to view error. But I would like to keep an index file for the ssl users. This directory is within a virtual host. The ssl directory container looks like this: some parts are removed or changed for obvious reasons.. <VirtualHost 64.xx.xxx.xx:443> DocumentRoot "/www/pppp/secure" ServerName www.pppp.org ServerAdmin admin@pppp.org ErrorLog /usr/local/apache/logs/error_log TransferLog /usr/local/apache/logs/access_log # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on Bla Bla </virtualhost> Anyway thaks again.. Slim If I go to https://www.pppp.org It brings me to the page I would expect..securly. if I point the browser to: http://www.pppp.org/secure I get to the same page. I dont want this. I know I could just move the ssl directory out of the path of http:// But that would entale rewriting alot of scripts and pages. I know, I know, dial 1-800-Waaah. But like I say, I was looking for an easier way.
|
|
#4
September 11th, 2000, 03:04 AM
|
|||
|
|||
|
In your non-SSL container, add <LocationMatch> to it.
http://www.apache.org/docs/mod/core.html#locationmatch i.e. <LocationMatch ^/secure> Order deny,allow Deny from all Allow from 192.168.0. </LocationMatch>
|
|
| Viewing: Dev Shed Forums > System Administration > Security and Cryptography > Allow a https request to a directory |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
