[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] How to force httpS for a directory--RaQ4
- Subject: Re: [cobalt-security] How to force httpS for a directory--RaQ4
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: Sun, 27 Jan 2002 00:52:48 +0300 (MSK)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sat, 26 Jan 2002 14:00:48 -0600 mpp1031@xxxxxxxxxxx wrote:
> I'd like to know how to force https for a certain directory or
> directories,
> and/or if possible, force https for only specific HTML documents. Also,
> related to this, I also need to have certain directories do user
> authentication (also via https). Anybody got a clue?
If you have traditional httpd.conf, you can do that easily: in the
http virtual host, place appropriate Redirect or RewriteRule in
the needed <Directory> sections, pointing to the same URL but under
https:// method. In the https virtual host section, do not put these
Redirects. You get what you need: when a user tries to enter to
http://something, he is redirected to https://somehting.
Too bad that Cobalt Apache setup (ab)uses mod_perl to generate
both http and https virtual host sections from the same template,
so there is no easy way to place Redirect to http vhost but not
to https one. Of course you can completely overhaul httpd.conf,
but that will almost certainly break the admin interface, that is,
you won't be able to change http configuration from the web interface.
If anyone has an elegant workarond for this problem, would he please
stand up and say so :-)
Eugene