Turning non-SSL traffic off

Turning non-SSL traffic off

am 05.07.2005 16:42:34 von Hoda Nadeem

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5816F.C70E88D3
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=20
What is the easiest and cleanest way to entirely turn all non-SSL
traffic off and only allow SSL traffic to pass through?=20
=20
Thanks.=20
=20
Nadeem
=20
Note: We are trying to use mod_rewrite, and it is currently messing up
the mod_jk connector:
=20


RewriteEngine On

#Accept nothing else than login processing on port 443

RewriteCond %{SERVER_PORT} !443

RewriteRule ^/(.*) /$1 [L,R]=20




------_=_NextPart_001_01C5816F.C70E88D3
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



charset=3Dus-ascii">


 

What =
is the easiest=20
and cleanest way to entirely turn all non-SSL traffic off and only allow =
SSL=20
traffic to pass through?

class=3D057423714-05072005> face=3DArial size=3D2> 

size=3D2>Thanks.=20

size=3D2> 

size=3D2>Nadeem

size=3D2> 

Note:=20
 class=3D057423714-05072005>We are trying to =
use=20
mod_rewrite, and it is currently messing up the mod_jk=20
connector:


size=3D2> 

size=3D2><IfModule=20
mod_rewrite.c>


class=3D057423714-05072005>    RewriteEngine=20
On


class=3D057423714-05072005>    #Accept nothing =
else than=20
login processing on port 443


class=3D057423714-05072005>    RewriteCond =
%{SERVER_PORT}=20
!443


class=3D057423714-05072005>    RewriteRule =
^/(.*)  class=3D057423714-05072005><our domain name>/$1 [L,R]=20


size=3D2></IfModule>

<=
/BODY>

------_=_NextPart_001_01C5816F.C70E88D3--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Turning non-SSL traffic off

am 05.07.2005 19:03:58 von dufresne

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



don't open or bind to port 80, load the mod_ssl and force the browser to
load and bind only to 443. All done in the httpd.conf. and then backed
up with the firewall or screening router to deny port 80 requests.

Thanks,

Ron DuFresne

On Tue, 5 Jul 2005, Hoda Nadeem wrote:

>
> What is the easiest and cleanest way to entirely turn all non-SSL
> traffic off and only allow SSL traffic to pass through?
>
> Thanks.
>
> Nadeem
>
> Note: We are trying to use mod_rewrite, and it is currently messing up
> the mod_jk connector:
>
>
>
> RewriteEngine On
>
> #Accept nothing else than login processing on port 443
>
> RewriteCond %{SERVER_PORT} !443
>
> RewriteRule ^/(.*) /$1 [L,R]
>
>
>
>

- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

....We waste time looking for the perfect lover
instead of creating the perfect love.

-Tom Robbins
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCyr2Bst+vzJSwZikRAhDrAJ0bRcpay0dt4Gxsm/NYEQjGvdDRAgCg 2R4l
Z97Ie5WhpPi3ziXffx4Wb70=
=aVTr
-----END PGP SIGNATURE-----
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Certificates...

am 06.07.2005 04:16:04 von PJ

Does anyone know how to save incoming certificates to disk?
Or can anyone suggest a forum for apache module writers?

Cheers
...
Pj.

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/41 - Release Date: 5/07/2005


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Certificates...

am 06.07.2005 10:39:05 von Matt Stevenson

You could use the ssl_var_lookup function in a
module...=20

cert =3D ssl_var_lookup(r->pool, r->server,
r->connection, r, "SSL_CLIENT_CERT");

or a cgi/php page and env variables
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25.

As for module writting look at the source of the
modules that ship with apache (auth ones are an easy
start). Not sure about forums.

Regards
Matt =20



--- Pj wrote:

> Does anyone know how to save incoming certificates
> to disk?
> Or can anyone suggest a forum for apache module
> writers?
>=20
> Cheers
> ..
> Pj.=20
>=20
> --=20
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/41 -
> Release Date: 5/07/2005
> =20
>=20
>
____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) =20
> www.modssl.org
> User Support Mailing List =20
> modssl-users@modssl.org
> Automated List Manager =20
> majordomo@modssl.org
>=20



=09
____________________________________________________
Sell on Yahoo! Auctions =96 no fees. Bid on great items. =20
http://auctions.yahoo.com/
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org