Results 1 to 5 of 5

Thread: Secure Server

  1. #1
    Join Date
    Jun 2008
    Location
    Dublin, Ireland
    Posts
    298

    Default Secure Server

    Hi,

    I am trying to configure Apache so that it only connects to a secure connection i.e. https:// when I browse to a certain page, i.e. login page. Does anyone know how to do this? I have configured Apache to run on a secure port.

    thanks,
    jlar

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Default Re: Secure Server

    A rewrite rule will do what you want. Here's one I used for a site. Don't ask me to explain it off the top of my head, mod_rewrite is powerful but black magic. Something I've been meaning to delve more into but need a project to do it for.

    Code:
            RewriteEngine on
            RewriteCond %{SERVER_PORT} !^443$
            RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
    Here's a tute for mod_rewrite. URL Rewriting Guide - Apache HTTP Server but you should be able to find more friendly tutes on the web.

  3. #3
    Join Date
    Jun 2008
    Location
    Dublin, Ireland
    Posts
    298

    Default Re: Secure Server

    Hi Ken_yap,

    You always reply to my posts... thanks yet again.

    I will give that a try

    jlar

  4. #4
    Join Date
    Jun 2008
    Location
    Dublin, Ireland
    Posts
    298

    Default Re: Secure Server

    Hi,

    Not sure if I am going about this the right way...

    I want to redirect all requests to

    Code:
    http://localhost/account
    to

    Code:
    https://localhost/account

    Do I put the .htaccess in the /account folder? I put this into http://localhost/account

    Code:
            RewriteEngine on
            RewriteCond %{SERVER_PORT} !^443$
            RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]


    I already have a .htaccess file in the document root which routes all requests through index.php:

    Code:
    RewriteEngine on
    RewriteCond %{SCRIPT_FILENAME} !-f
    RewriteCond %{SCRIPT_FILENAME} !-d
    RewriteRule ^(.*)$ index.php/$1
    Also I don't know whether to be on port 80 or 443. I put both into my vhosts file:

    Code:
    <VirtualHost *:80>
    
    ServerName apollo
    DocumentRoot /var/www/phpweb20/htdocs
    
    <Directory /var/www/phpweb20/htdocs>
    	AllowOverride All
    	Options All
    </Directory>
    
    </VirtualHost>
    
    <VirtualHost *:443>
    
    ServerName apollo
    DocumentRoot /var/www/phpweb20/htdocs
    
    <Directory /var/www/phpweb20/htdocs>
    	AllowOverride All
    	Options All
    </Directory>
    
    SSLEngine On
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:!eNULL
    
    SSLCertificateFile /etc/apache2/ssl/server.pem
    SSLCertificateKeyFile /etc/apache2/ssl/serverkey.pem
    SSLCACertificateFile /etc/apache2/ssl/cacert.pem
    
    SSLVerifyClient require
    SSLVerifyDepth 1
    
    SSLOptions +StrictRequire +StdEnvVars
    
    <Directory /var/www/phpweb20/htdocs/account>
    	SSLRequireSSL
    	SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
    	SSLRequire %{SSL_CLIENT_S_DN_O} eq "Secure Space"
    	SSLRequire %{SSL_CLIENT_S_DN_OU} eq "Administration"
    </Directory>
    
    Alias /phpMyAdmin "/srv/www/oci/htdocs/phpMyAdmin"
    
    <Directory /srv/www/oci/htdocs/phpMyAdmin>
            # Restrict phpmyadmin access to just my worksation
            Options All
            Deny from none
           Allow from localhost
    </Directory>
    
    </VirtualHost>

  5. #5
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Default Re: Secure Server

    Yeah, combine those rewrite rules with the set already there, but you have to be careful of the order in which they are executed, so read up on what those flags (e.g. [L,R]) mean.

    You'll need sections for both port 80 and port 443.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •