httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romeo Theriault <romeotheria...@gmail.com>
Subject [users@httpd] Re: How to SSL protect certain directories
Date Fri, 14 Apr 2006 16:54:47 GMT
Joost, I've tried you option,

> RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
> RewriteCond %{HTTPS} on
> RewriteRule /^(.*) http://my.site/$1

but still get no change in behaviour. It won't go back to http once  
it's gone to https:.

Is there any additional information that I can provide to you to make  
this easier.

Thank you,

Romeo

On Apr 14, 2006, at 11:36 AM, Joost de Heer wrote:

> Romeo Theriault wrote:
>> I have an apache website that I need some directories protected by
>> ssl. So I got the certificate etc... Now I have two virtual hosts,
>> one that is the unsecure and one that is the secure. There are only a
>> few directories that I need secured by ssl.
>>
>> for example:
>> http://www.some.domain.name.com/distance/register/
>> http://www.some.domain.name.com/registrar/request/
>>
>> So to get those directories secured I put this mod_rewrite code into
>> the unsecure httpd.conf file.
>
>> <Directory /var/www/www/distance >
>>                          RewriteEngine On
>>                          RewriteBase /
>>                          RewriteCond %{REQUEST_FILENAME} -f [OR]
>
> 'RewriteCond %{HTTPS} off' is a better check
>
>> The problem is that once people have viewed those pages that are in
>> those secure directories the rest of the pages they view on the site
>> are on the secure site. I would like to have a rewriterule in the
>> secure virtual host to check if they are not in one of those
>> directories and redirect them back to the unsecure site.
>
> Something like
>
> RewriteCond %{REQUEST_URI} !^/secure_dir(.*)
> RewriteCond %{HTTPS} on
> RewriteRule /^(.*) http://my.site/$1
>
> Joost
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message