Helpful Information
 
 
Category: Security and Cryptography
Allow a https request to a directory

Sorry if this has been covered...

I have my ssl pointed at a certian directory
and it works fine. I would like to deny
http requests to this directory.

I have tried to use a directory contaner
in the httpd.conf file
with deny from all statment, like;

this is abreveated
<directory /www/someplace/secure:80
deny from all
<directory>

with no success. is there a simple way to do this? maybe with a rewrite rule?
Thanks in advance

I am using a linux machine with
apache 1.3.12+mod-ssl+mysql+php4.02 etc...


Slim

Is there an entrance page before getting into that directory?

>>is there a simple way to do this?

No.

>>maybe with a rewrite rule?

Yup.

So what is the full dir path to both SSL and non-SSL? How about both in URLs?

Thanks for the response,
The standard apache ssl index file is there.
I could remove the index, in which case they would recive a no permission to view error.
But I would like to keep an index file for the ssl users.

This directory is within a virtual host.

The ssl directory container looks like this:
some parts are removed or changed for obvious
reasons..

<VirtualHost 64.xx.xxx.xx:443>
DocumentRoot "/www/pppp/secure"
ServerName www.pppp.org (http://www.pppp.org)
ServerAdmin admin@pppp.org
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
Bla Bla
</virtualhost>

Anyway thaks again..

Slim
If I go to https://www.pppp.org It brings me to the page I would expect..securly.

if I point the browser to: http://www.pppp.org/secure I get to the same page. I dont want this. I know I could just
move the ssl directory out of the path of
http:// But that would entale rewriting alot
of scripts and pages. I know, I know, dial 1-800-Waaah. But like I say, I was looking for an easier way.

In your non-SSL container, add <LocationMatch> to it.
http://www.apache.org/docs/mod/core.html#locationmatch

i.e.

<LocationMatch ^/secure>
Order deny,allow
Deny from all
Allow from 192.168.0.
</LocationMatch>

works great! Thanks, Never thought to
go in that direction...

Slim










privacy (GDPR)