Networking Forums
Home Register Members Search Links
Member Login:

Networking Forums > Computer Networking > Linux Networking > https protection for certain webproject's subdirs

Reply
Thread Tools Display Modes

https protection for certain webproject's subdirs

 
 
Markus Muessig
Guest
Posts: n/a

 
      07-02-2003, 02:19 PM
Hello forum,
I have the problem, how to protect a part of a website via ssl (certs with
client authentication).
I managed to protect the entire project but i don't find the correct
changes in certs and/or httpd.conf (virtual host section) where to limit
ssl-protection to certain subdirs of my project.
this is the virtual host section which makes protection for the entire
project:

================================================== =========================
httpd.conf snip

<VirtualHost 192.168.0.49:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/ssltest
ServerName ssltest
ErrorLog /var/log/apache/error.log
SSLEngine On
SSLVerifyClient require
SSLCertificateFile /etc/ssl/certPool/certs/(E-Mail Removed)
SSLCertificateKeyFile /etc/ssl/certPool/private/(E-Mail Removed)
SSLCACertificatePath /etc/ssl/certPool/ca/
SSLCACertificateFile /etc/ssl/certPool/ca/ca.crt
SSLCARevocationFile /etc/ssl/certPool/crl/ca.crl
SSLCARevocationPath /etc/ssl/certPool/crl/
SSLLog /var/log/apache/ssl.log
SSLLogLevel debug
</VirtualHost>
================================================== ==========================

and this was my idea how to protect only access to files located in subdocs:

================================================== ==========================
another httpd.conf snip

<VirtualHost 192.168.0.49:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/ssltest
ServerName ssltest
ErrorLog /var/log/apache/error.log
SSLEngine On
SSLVerifyClient none
SSLCertificateFile /etc/ssl/certPool/certs/(E-Mail Removed)
SSLCertificateKeyFile /etc/ssl/certPool/private/(E-Mail Removed)
SSLCACertificatePath /etc/ssl/certPool/ca/
SSLCACertificateFile /etc/ssl/certPool/ca/ca.crt
SSLCARevocationFile /etc/ssl/certPool/crl/ca.crl
SSLCARevocationPath /etc/ssl/certPool/crl/
SSLLog /var/log/apache/ssl.log
SSLLogLevel debug

<Directory subdocs>
SSLVerifyClient require
SSLVerifyDepth 1
</Directory>

</VirtualHost>
================================================== ==========================


I read about that the common name in clients certificate must be the server-
name from my virtual host definition! That was right (i failed to attempt
it different way :-) ), but do i have to change the common name from
ssltest to ssltest/subdocs if i just want files
located in subdocs to be ssl-protected?

What did i wrong?

Greetings, Markus Muessig


--
-----------------------------------------------------------------------------
UNIX IS NOT UNFRIENDLY, IT'S JUST PICKY ABOUT ITS FRIENDS
 
Reply With Quote
 
 
 
Reply

« Alcatel SpeedTouch Ethernet and Linux | named problem on read-only system »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can one run an SSL VPN on the same IP as an HTTPS web server? Peter Broadband 4 10-29-2011 08:28 PM
HTTPS question Rich Fife Linux Networking 2 02-20-2008 11:20 PM
why not have https for all sites scott_doyland@johnlewis.co.uk Wireless Internet 6 09-01-2006 07:13 PM
https to https proxy search Brad Esclavon Linux Networking 0 02-28-2006 04:14 PM
https Bob Wireless Internet 2 04-25-2004 08:28 PM


Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11