httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kaplan, Andrew H." <AHKAP...@PARTNERS.ORG>
Subject RE: [users@httpd] SSL the whole site
Date Fri, 23 Jan 2004 13:09:02 GMT
I asked as similar question several days ago and here is the information I got.
I hope it helps.

Excerpt from Apache discussion group -

If you use http:// and port 80, you don't need a port number in the url. Also,
if you use https:// and port 443, you don't need a port number in the url.
These are two standard ports for http. and https.

If you wish to redirect users from 80 to 443, you can do it in your virtual host
setup like   this:

		<VirtualHost 555.555.555.55:80>
			ServerName foo.com
			ServerAdmin webma	ster@foo.com
			DocumentRoot /path/to/root/
			Redirect / https://foo.com/
		</VirtualHost>	


              Then just set up another vhost for the ssl site, like this:

		<VirtualHost 555.555.555.55:443>
			ServerName foo.com
			ServerAdmin webmaster@foo.com
			DocumentRoot /path/to/root/

			SSLEngine On
			SSLCertificateFile /path
			SSLCertificateKeyFile /path
			SSLCertificateChainFile /path
			SetEnvIf User-Agent ".*MSIE.*" nokeepalive
ssl-unclean-shutdown
		</VirtualHost>

-----Original Message-----
From: Dirk-Willem van Gulik [mailto:dirkx@webweaving.org]
Sent: Friday, January 23, 2004 7:56 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] SSL the whole site




On Fri, 23 Jan 2004, Stuart Lamble wrote:

> What is the best method of securing the whole site with SSL?

Just get any book on apache (I personally like the O'Reilly one) and
follow the section on enabling SSL.

What you end up with is a web site which runes on port 443 and is 100%
ssl. Then I usually do something like:

<VirtualHost *:80>
	...
	RewriteEngine on
        RewriteRule     ^(.*)   https://%{HTTP_HOST}$1 [R=301]

To redirect people who forget the 's' of https to the https site. Note
that the above has some issues with cross-site scripting in some cases;
in which case you want to change %{HTTP_HOST}$1 into something like
www.myhost.com$1 or even www.myhost.com/index.html (or a page saying
use ssl).

Dw



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message