Secure Server

eeijlar · July 24, 2008, 10:58am

Hi,

I am trying to configure Apache so that it only connects to a secure connection i.e. https:// when I browse to a certain page, i.e. login page. Does anyone know how to do this? I have configured Apache to run on a secure port.

thanks,
jlar

ken_yap · July 24, 2008, 11:14am

A rewrite rule will do what you want. Here’s one I used for a site. Don’t ask me to explain it off the top of my head, mod_rewrite is powerful but black magic. Something I’ve been meaning to delve more into but need a project to do it for.

        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Here’s a tute for mod_rewrite. [(http://httpd.apache.org/docs/2.0/misc/rewriteguide.html) but you should be able to find more friendly tutes on the web.]((http://httpd.apache.org/docs/2.0/misc/rewriteguide.html) but you should be able to find more friendly tutes on the web.)

eeijlar · July 24, 2008, 11:26am

Hi Ken_yap,

You always reply to my posts… thanks yet again.

I will give that a try

jlar

eeijlar · July 26, 2008, 2:09am

Hi,

Not sure if I am going about this the right way…

I want to redirect all requests to

http://localhost/account

to

http**s**://localhost/account

Do I put the .htaccess in the /account folder? I put this into http://localhost/account

        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

I already have a .htaccess file in the document root which routes all requests through index.php:

RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1

Also I don’t know whether to be on port 80 or 443. I put both into my vhosts file:

<VirtualHost *:80>

ServerName apollo
DocumentRoot /var/www/phpweb20/htdocs

<Directory /var/www/phpweb20/htdocs>
	AllowOverride All
	Options All
</Directory>

</VirtualHost>

<VirtualHost *:443>

ServerName apollo
DocumentRoot /var/www/phpweb20/htdocs

<Directory /var/www/phpweb20/htdocs>
	AllowOverride All
	Options All
</Directory>

SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:!eNULL

SSLCertificateFile /etc/apache2/ssl/server.pem
SSLCertificateKeyFile /etc/apache2/ssl/serverkey.pem
SSLCACertificateFile /etc/apache2/ssl/cacert.pem

SSLVerifyClient require
SSLVerifyDepth 1

SSLOptions +StrictRequire +StdEnvVars

<Directory /var/www/phpweb20/htdocs/account>
	SSLRequireSSL
	SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
	SSLRequire %{SSL_CLIENT_S_DN_O} eq "Secure Space"
	SSLRequire %{SSL_CLIENT_S_DN_OU} eq "Administration"
</Directory>

Alias /phpMyAdmin "/srv/www/oci/htdocs/phpMyAdmin"

<Directory /srv/www/oci/htdocs/phpMyAdmin>
        # Restrict phpmyadmin access to just my worksation
        Options All
        Deny from none
       Allow from localhost
</Directory>

</VirtualHost>

ken_yap · July 26, 2008, 2:15am

Yeah, combine those rewrite rules with the set already there, but you have to be careful of the order in which they are executed, so read up on what those flags (e.g. [L,R]) mean.

You’ll need sections for both port 80 and port 443.