Re: [cobalt-security] How to force httpS for a directory--RaQ4

["E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>]

> Date: Sat, 26 Jan 2002 14:00:48 -0600
> From: mpp1031@xxxxxxxxxxx

> I am using a RaQ4, Apache, blah, blah...the standard stuff...
> 
> I'd like to know how to force https for a certain directory or
> directories, and/or if possible, force https for only specific
> HTML documents.  Also, related to this, I also need to have

I'll assume that you're running separate http and https daemons.
The sites are totally separate.

> certain directories do user authentication (also via
> https).  Anybody got a clue?

Well, you can configure Ap for user authentication if you want
the popup box... username/password are retransmitted (cleartext
in the header before SSL encryption) with each request.

Your other alternative is to keep state by passing some variable
using GET or POST.  Or you could use cookies.  Either of these
requires decent knowledge about HTTP and building a good system;
I'd probably suggest that you stick with mod_auth.

> I've read through some of the archived postings and other
> Apache-related materials online, but nothing seems to work for
> me, or this is a Cobalt specific issue.

It's not Cobalt-specific.  Beyond the GUI, very little is
different from RedHat Linux.

> Can anyone help me?  (quickly?)  Big project coming due that
> needs this functionality...

With all due respect, learning on a big project is usually a bad
idea.


Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
--

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist@xxxxxxxxx>, or you are likely to be blocked.