httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] SSL redirect browsers if weak encryption to a warning page
Date Tue, 16 Feb 2010 15:03:28 GMT
n Tue, Feb 16, 2010 at 9:50 AM, Renato Oliveira
<renato.oliveira@grant.co.uk> wrote:
> Dear all,
>
>
>
> I am using Apache Server version: Apache/2.2.3 on Centos 5.4 (Test
> environment)
>
> On Production Redhat 4 Server version: Apache/2.0.52
>
>
>
> I have been looking for a way of:
>
> 1 – Prevent browsers with lower encryption to use my site, which I can do
> with the two directives below
>
> SSLProtocol all -SSLv2
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
>
>
> 2 – Redirect them to a warning page
>
> <Directory "/">
>
>     SSLRequireSSL
>
>     SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >=
> 128) or %{REQUEST_URI} =~ m:^/errors/:
>
>     ErrorDocument 403 /errors/403-ssl.html
>
> </Directory>
>
>
>
> When I use IE5 to access the site I get the following error:
>
>
>
> Forbidden
>
> You don't have permission to access / on this server.
>
>
>
> Additionally, a 403 Forbidden error was encountered while trying to use an
> ErrorDocument to handle the request.

Don't protect the directory with your ErrorDocuments if you know the
SSL connection is already forbidden.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message