http and https from same config

http and https from same config

am 31.07.2002 13:02:28 von Svein.Seldal

Hi guys,

I want to run a http server on port 81 which should only be available to
the localnet, say 192.168.0.x/24 *and* on https with client certificates
from the whole world. No passwords should be used in neither methodes.

Now I've got SSL working with the certs, so that's not my question, but
how do I configure the virtual host to enforce these access rights?
Today I've "hacked" the problem by running two separate (yet identical)
virtual hosts. I want to run http(81) and https from the same virtual
host config. Is this possible?


Regards,
Svein
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: http and https from same config

am 31.07.2002 15:53:09 von Boyle Owen

>From: Svein E. Seldal [mailto:Svein.Seldal@solidas.com]
>
>Hi guys,
>
>I want to run a http server on port 81 which should only be
>available to
>the localnet, say 192.168.0.x/24 *and* on https with client
>certificates
>from the whole world. No passwords should be used in neither methodes.
>
>Now I've got SSL working with the certs, so that's not my
>question, but
>how do I configure the virtual host to enforce these access rights?
>Today I've "hacked" the problem by running two separate (yet
>identical)
>virtual hosts. I want to run http(81) and https from the same virtual
>host config. Is this possible?

I can't think how you would do this. IMHO, what you have already done (far from being a "hack") is the correct way to proceed - two virtualhosts with the same DocumentRoot (hence same content) but with different ports. The trouble is the "SSLEngine on" directive - this has only context in a VH, i.e. you can't make it conditional on an IP range, for instance.

Rgds,

Owen Boyle
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org