httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joost de Heer" <sang...@xs4all.nl>
Subject [users@httpd] Re: How to SSL protect certain directories
Date Fri, 14 Apr 2006 15:36:43 GMT
Romeo Theriault wrote:
> I have an apache website that I need some directories protected by
> ssl. So I got the certificate etc... Now I have two virtual hosts,
> one that is the unsecure and one that is the secure. There are only a
> few directories that I need secured by ssl.
>
> for example:
> http://www.some.domain.name.com/distance/register/
> http://www.some.domain.name.com/registrar/request/
>
> So to get those directories secured I put this mod_rewrite code into
> the unsecure httpd.conf file.

> <Directory /var/www/www/distance >
>                          RewriteEngine On
>                          RewriteBase /
>                          RewriteCond %{REQUEST_FILENAME} -f [OR]

'RewriteCond %{HTTPS} off' is a better check

> The problem is that once people have viewed those pages that are in
> those secure directories the rest of the pages they view on the site
> are on the secure site. I would like to have a rewriterule in the
> secure virtual host to check if they are not in one of those
> directories and redirect them back to the unsecure site.

Something like

RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
RewriteCond %{HTTPS} on
RewriteRule /^(.*) http://my.site/$1

Joost


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message