httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] How to SSL protect certain directories
Date Tue, 18 Apr 2006 09:38:23 GMT
> -----Original Message-----
> From: Romeo Theriault [mailto:romeotheriault@gmail.com] 
> Sent: Freitag, 14. April 2006 15:45
> To: users@httpd.apache.org
> Subject: [users@httpd] How to SSL protect certain directories
> 
> I have an apache website that I need some directories 
> protected by ssl. So I got the certificate etc... Now I have 
> two virtual hosts, one that is the unsecure and one that is 
> the secure. There are only a few directories that I need 
> secured by ssl. 

You've got the basic idea - you need a set of rules in the HTTP HV to
redirect "certain dirs" to the HTTPS VH and a symmetric set in the HTTPS
VH to redirect to HTTP *unless* in certain dirs. All you need to do is
figure out the rules' syntax :-)

Try something like:

HTTP VH:

	RewriteRule ^/certain_dir/(.*) https://server/certain_dir/$1 [R]

HTTPS VH:

	RewriteRule ^/certain_dir/(.*) - [S=1]
	RewriteRule ^(.*) http://server$1

To explain:

- the HTTP rule is easy and you already have it working; it just selects
the certain_dir and redirects to HTTPS.
- the HTTPS rule is trickier: the first rule select certain_dir and
redirects it to *itself* (the dash), ie, it is a null operation. The
flag "S=1" in the square-brackets means "skip 1 rule", ie, it skips the
next rule so effectively skips out of the rewrite-logic at this point
and certain_dir is served from HTTPS. If the request *does not* match
certain_dir, it will not satisfy this rule and so will not skip 1 rule.
Hence it will hit rule 2 which is an unconditional redirect to HTTP.

So the whole thing looks like the following pseudo-code:

if (certain_dir)
	do_nothing();
	break;
else
	redirect(HTTP);

If you have more thatn one certain_dir, you can make a chain using
decrementing skips, eg:

	RewriteRule ^/dir1/(.*) - [S=3]	
	RewriteRule ^/dir2/(.*) - [S=2]	
	RewriteRule ^/dir3/(.*) - [S=1]
	RewriteRule ^(.*) http://server$1

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> 
> for example:
> http://www.some.domain.name.com/distance/register/ 
> <http://www.some.domain.name.com/distance/register/> 
> http://www.some.domain.name.com/registrar/request/ 
> <http://www.some.domain.name.com/registrar/request/> 
> 
> 
> So to get those directories secured I put this mod_rewrite 
> code into the unsecure httpd.conf file.
> 
> 
> 
> 
> <Directory /var/www/www/distance >
>                         RewriteEngine On
>                         RewriteBase /
>                         RewriteCond %{REQUEST_FILENAME} -f [OR]
>                         RewriteCond %{REQUEST_FILENAME} -d
>                         RewriteRule ^register/(.*) 
> https://www.some.domain.com/distance/register/$1 
> <https://www.some.domain.com/distance/register/$1>  [C]
>         </Directory>
> 
> 
>         <Directory /var/www/www/registrar >
>                         RewriteEngine On
>                         RewriteBase /
>                         RewriteCond %{REQUEST_FILENAME} -f [OR]
>                         RewriteCond %{REQUEST_FILENAME} -d
>                         RewriteRule ^request/(.*) 
> https://www.some.domain.com/registrar/request/$1 
> <https://www.some.domain.com/registrar/request/$1>  [C]
>      </Directory>
> 
> 
> 
> 
> This works great.
> 
> 
> The problem is that once people have viewed those pages that 
> are in those secure directories the rest of the pages they 
> view on the site are on the secure site. I would like to have 
> a rewriterule in the secure virtual host to check if they are 
> not in one of those directories and redirect them back to the 
> unsecure site.
> 
> 
> I've been banging my head trying to get this and I can't 
> figure it out. (I'm new to regular expressions and 
> mod_rewrite). I keep getting redirected back and forth until 
> the browser tells me "Too many redirects." or some such error.
> 
> 
> Here's what I have so far for the secure virtual host, but 
> again, it doesn't seem to work.
> 
> 
> RewriteEngine On
> RewriteRule !^register(.*) - [C]
> RewriteRule ^/(.*) http://www.some.domain.com/$1 
> <http://www.some.domain.com/$1>  [L]
> RewriteRule !^registrar/request/(.*) - [C]
> RewriteRule ^/(.*) http://www.some.domain.com/$1 
> <http://www.some.domain.com/$1>  [L]
> 
> 
> 
> 
> Could someone tell me what I'm doing wrong?
> 
> 
> Do I need to put the secure rewrite rules in a <Directory> structure.
> 
> 
> Thank you.
>
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message