[RndTbl] Apache/SSL

Gilbert E. Detillieux gedetil at cs.umanitoba.ca
Thu Apr 17 11:18:52 CDT 2003


According to Raymond J. Henry:
> Thanks to those that gave me input. I did manage to find the problem. I
> decided to stop trying to deal with the .htaccess file, and start at the
> beginning. Sure enough, there it was. In the httpd.conf file, AllowOverride
> None for the .htaccess control. Changed it to AllowOverride All, and it now
> prompts for login when going to https://hermes.manitobamall.net.

That would have been my next guess...  :)

> Next step is to see how to prevent it from accessing the page when going to
> http://hermes.manitobamall.net.

I think all you'd have to do is add the following to the .htaccess file...

<IfDefine HAVE_SSL>
  SSLRequireSSL
  SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ )
</IfDefine>

In addition, if you would like to have people redirected to the secure port,
rather than just getting an error when they come in via http, you can add
the following within the IfDefine tags...

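  <IfModule mod_rewrite.c>
    RewriteEngine on
    # For testing (logs a lot!); these two directives are only accepted in
    # httpd.conf, not in .htaccess:
    #RewriteLog /var/log/httpd/rewrite_log
    #RewriteLogLevel 9
    # Rather than just deny non-SSL access, we'll redirect to https:
    # See http://www.apache.org/docs/misc/rewriteguide.html
    RewriteCond	%{SERVER_PORT}	^80$
    # In .htaccess the pattern is matched without the leading "/", so
    # "^/(.*)" never matches there; take the path from REQUEST_URI instead.
    RewriteRule	^	https://hermes.manitobamall.net%{REQUEST_URI}	[L,R]
  </IfModule>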

We use a similar trick for our web-based mail software, to force the
browsers to use SSL, to encrypt not only the passwords, but also the
e-mail content itself.

The rewrite/redirect is much "friendlier" than just giving the users an
error, IMHO.

> Aren't computers fun?  <G>

I think so!  :)

-- 
Gilbert E. Detillieux		E-mail:	<gedetil at cs.umanitoba.ca>
Dept. of Computer Science	Web:	http://www.cs.umanitoba.ca/~gedetil/
University of Manitoba		Phone:	(204)474-8161
Winnipeg, MB, CANADA  R3T 2N2	Fax:	(204)474-7609
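
Added example, not part of the original message: a small check that classifies what the server answers on port 80 once the directives above are in place, so a login prompt or page content over plain http is caught. The function names and the sample responses are constructed for illustration; only the host name comes from the thread.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def audit_plain_http(status, headers, host):
    """Judge the answer a server gave to a request made on port 80.

    Returns (ok, reason). host is the name the redirect must stay on.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 401 or "www-authenticate" in hdrs:
        return False, "login prompt over plain HTTP; password would be sent unencrypted"
    if 200 <= status < 300:
        return False, "protected content served over plain HTTP"
    if status in REDIRECTS:
        loc = urlsplit(hdrs.get("location", ""))
        if loc.scheme != "https":
            return False, "redirect target is not https"
        if loc.hostname != host.lower():
            return False, "redirect leaves the expected host"
        return True, "redirected to https"
    if status == 403:
        return True, "refused without redirect (SSLRequireSSL on its own)"
    return False, "unexpected status %d" % status

def fetch_plain_http(host, path="/", timeout=5):
    """Live probe for your own server: one GET on port 80, redirects not followed."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()

# Constructed sample responses (not captured from the server in this thread).
HOST = "hermes.manitobamall.net"
SAMPLES = {
    "rewrite active": (302, {"Location": "https://hermes.manitobamall.net/mail/"}),
    "SSLRequireSSL only": (403, {}),
    "auth without SSL check": (401, {"WWW-Authenticate": 'Basic realm="Private"'}),
    "no protection": (200, {"Content-Type": "text/html"}),
    "redirect stays on http": (302, {"Location": "http://hermes.manitobamall.net/"}),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        ok, reason = audit_plain_http(status, headers, HOST)
        print("%-24s %-4s %s" % (name, "ok" if ok else "FAIL", reason))
```

To test a live server, pass the result of `fetch_plain_http(host)` to `audit_plain_http` in place of a sample.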
