Re: [cobalt-security] [question] how to urge users to https sites
- Subject: Re: [cobalt-security] [question] how to urge users to https sites
- From: "Up The Blues" <blue@xxxxxxxxxxxxxxxxx>
- Date: Wed, 26 Dec 2001 10:53:50 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Markus,
In the httpd.conf file there is a section above the virtual sites which runs
through the conf file and adds sections which are generic to the cobalt
configuration at run time - (and leaving the conf file intact). The start of
this section looks a little like this...
# O.K. What we bassically want to do is build up new section in the conf file
# for SSL sections.
and it will then start with a While statement - trace this down and remark
out (place a # at the beginning of the line) the entire while segment (ends
just above the close httpd.conf statement). Just after the close there's
another if statement that needs remarking out - then that's the lot for the
butchering.
Next - find the virtual site that you want to add the SSL onto and modify it
to something similar to below - notice the sections I've remarked out - you
NEED to do this and also make sure you add the listen command at the top on
port 443 and add the port onto the virtualhost tag.
Listen 2xx.2xx.4xx.2xx:443
<VirtualHost 2xx.2xx.4x.2xx:443>
ServerName secure.scs-web.net
ServerAdmin admin
DocumentRoot /home/sites/site14/web
#RewriteEngine on
#RewriteCond %{HTTP_HOST} !^2xx.2xx.4xx.2xx(:80)?$
#RewriteCond %{HTTP_HOST} !^secure.scs-web.net(:80)?$
#RewriteRule ^/(.*) http://secure.scs-web.net/$1 [L,R]
#RewriteOptions inherit
SSLengine on
SSLCertificateFile /home/sites/site14/certs/certificate
SSLCertificateKeyFile /home/sites/site14/certs/key
AliasMatch ^/~([^/]+)(/(.*))? /home/sites/site14/users/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /home/sites/site14/users/$1/web/$3
TransferLog /home/sites/site14/logs/access_log
ErrorLog /home/sites/site14/logs/error_log
AddHandler cgi-wrapper .cgi
AddHandler cgi-wrapper .pl
AddHandler server-parsed .shtml
AddType text/html .shtml
</VirtualHost>
This will then stop the site from accepting requests on port 80 - and only
pick them up on the SSL port 443. If anyone tries to access the site via
normal http - you'll find them redirected to the raq home page. You can make
it accept the requests via normal http by making a copy of the above,
removing the SSL stuff and ideally changing where the server root is to
protect your SSL site - which was my entire reason for doing it!
Only problem with this is you can't change the SSL settings in the GUI -
only the certificates - there's no way to remove SSL and move it to another
site. This is required to be done manually.
regards
Lee
----- Original Message -----
From: "markus noeske" <mnoeske@xxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Wednesday, December 26, 2001 10:20 AM
Subject: [cobalt-security] [question] how to urge users to https sites
> on the cobalt servers behind every https page there
> is (because of a lack of the web-based configuration)
> always a http site with the same name
> that can be accessed without ssl-encryption. is
> there a way to implement a require https in a
> .htaccess file together with a user authentication
> like require valid user?
>
> regards
> markus
> p.s. this was a topic a few months ago
>
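Added example, not part of the original post or of Cobalt's tooling: a small Python check for the condition the reply warns about, an SSL virtual host whose DocumentRoot is still served by a plain-HTTP virtual host, plus the Listen and port 443 requirements it mentions. The function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample: an SSL vhost plus a plain-HTTP copy that still serves
# the same DocumentRoot (address and hostname are placeholders).
SAMPLE_CONF = """\
Listen 192.0.2.10:443
<VirtualHost 192.0.2.10:443>
ServerName secure.example.test
DocumentRoot /home/sites/site14/web
SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10>
ServerName secure.example.test
DocumentRoot /home/sites/site14/web
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directive(body, name):
    """Return the first argument of an uncommented directive, or None."""
    m = re.search(r"^[ \t]*%s[ \t]+(\S+)" % re.escape(name), body, re.I | re.M)
    return m.group(1).strip('"') if m else None

def parse_vhosts(conf):
    """Yield one dict per <VirtualHost> block."""
    for addr, body in VHOST_RE.findall(conf):
        yield {"addr": addr.strip(), "name": directive(body, "ServerName"),
               "root": directive(body, "DocumentRoot"),
               "ssl": (directive(body, "SSLEngine") or "off").lower() == "on"}

def audit(conf):
    """Return findings for SSL sites that are still reachable without SSL."""
    vhosts = list(parse_vhosts(conf))
    listens = set(re.findall(r"^[ \t]*Listen[ \t]+(\S+)", conf, re.I | re.M))
    plain_roots = {v["root"]: v for v in vhosts if not v["ssl"]}
    findings = []
    for v in (v for v in vhosts if v["ssl"]):
        if not v["addr"].endswith(":443"):
            findings.append("%s: SSL vhost is not bound to port 443" % v["name"])
        elif v["addr"] not in listens:
            findings.append("%s: no Listen line for %s" % (v["name"], v["addr"]))
        if v["root"] in plain_roots:
            findings.append("%s: %s is also served without SSL by vhost %s"
                            % (v["name"], v["root"], plain_roots[v["root"]]["addr"]))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "no findings")
```

Pointing the plain-HTTP copy at a different DocumentRoot, as the reply suggests, clears the shared-root finding.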