SSLRequire use to enforce SSL for "almost all" files
am 18.06.2002 16:12:43 von Lars PovlsenHello modssl-users!
I have wrestled with mod_ssl for most of the day trying to use
SSLRequire to enforce SSL usage for all but a small list of php scripts
in a directory.
I tried putting the following in a .htaccess file:
SSLRequire %{SCRIPT_FILENAME} !~ m/(signon|get_swimg|get_disksw)\.php$/
It did *not* work as intended..., I could still use non-ssl access to
arbitrary scripts - only with "SSLRequireSSL" instead I saw some action
- but I cannot use that as the listed exceptions have to be available
"plain". Tried SSLLogLevel debug without any pointers to what was
wrong... In fact not even trying to test on IP address was successfull.
I finally went to mod_rewrite to get the job done:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{SCRIPT_FILENAME} !(signon|get_swimg|get_disksw)\.php$
RewriteRule .* - [F]
- and that did the trick!
What was I doing wrong with SSLRequire - am I missing a point here - or
*is* mod_rewrite the only way to do this?
Sincerely,
Lars Povlsen
--
Filanet Europe
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org