Securing directories

Securing directories

am 08.11.2002 20:13:20 von Robert Lagana

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C2875A.E6841F20
Content-Type: text/plain;
charset="iso-8859-1"

Hello,

Using mod_ssl .. on Apache .. I would like to secure two directories..

https://www.domain.com/homedir

https://www.domain.com/homedir2

Now if user go to http://www.domain.com will users
get a pop up saying that SSL is required?

Is this just a matter of having Port 80 and Port 443 enabled?

Do I set these directories up as virtual hosts?

Is there a link someone can provided that explains this?

Thanks,
Rob



------_=_NextPart_001_01C2875A.E6841F20
Content-Type: text/html;
charset="iso-8859-1"








size=2>Hello,

size=2> 

Using mod_ssl .. on
Apache .. I would like to secure two directories..

size=2> 

href="https://www.domain.com/homedir">https://www.domain.com /homedir

size=2> 

href="https://www.domain.com/homedir2">https://www.domain.co m/homedir2

size=2> 

Now if user go to href="http://www.domain.com">http://www.domain.com will users get a pop up
saying that SSL is required?

size=2> 

Is this just a
matter of having Port 80 and Port 443 enabled?

size=2> 

Do I set these
directories up as virtual hosts?

size=2> 

Is there a link
someone can provided that explains this?

size=2> 

size=2>Thanks,

size=2>Rob

size=2> 

size=2> 


------_=_NextPart_001_01C2875A.E6841F20--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Securing directories

am 08.11.2002 20:44:39 von Paul Bleimeyer

Rob,

You might want to use a restricted realm setup and use the
authnname and setup a number of users to control the access.
Part I: Restricting access.
Using a authorization file on the folder in question is also
possible, but if your users create subfolders, then they will
be prompted to reauthenticate as they traverse the subfolders.

Using the Authusername might be easier.

Part II: Secure vs. unsecure connections:
If you have both 80 and 443 bound to each of these
virtual websites, then users will be able to connect on each
port. Inserting the access controls mentioned at the top will
work across both. If you want to insure that users are not able
to open this connection via 80, then do not include this
port in your listen statements in http.conf.

There are many different ways to deal with this. See the following
for more details.

Binding ports and the listen option:
http://httpd.apache.org/docs-2.0/bind.html

Authentication overview.
http://httpd.apache.org/docs-2.0/howto/auth.html

Users via a password file:
http://httpd.apache.org/docs-2.0/howto/auth.html#gettingitwo rking

Users via a groups file:
http://httpd.apache.org/docs-2.0/howto/auth.html#lettingmore thanonepersonin

On Fri, 8 Nov 2002, Robert Lagana wrote:

> Hello,
i>
> Using mod_ssl .. on Apache .. I would like to secure two directories..
>
> https://www.domain.com/homedir
>
> https://www.domain.com/homedir2
>
> Now if user go to http://www.domain.com will users
> get a pop up saying that SSL is required?
>
> Is this just a matter of having Port 80 and Port 443 enabled?
>
> Do I set these directories up as virtual hosts?
>
> Is there a link someone can provided that explains this?
>
> Thanks,
> Rob
>
>
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Securing directories

am 08.11.2002 20:53:22 von Robert Lagana

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C28760.7E257770
Content-Type: text/plain

Thank you very much Paul.

Regards,
Robert

-----Original Message-----
From: Paul Bleimeyer [mailto:paulb@mayo.edu]
Sent: Friday, November 08, 2002 2:45 PM
To: 'modssl-users@modssl.org'
Subject: Re: Securing directories



Rob,

You might want to use a restricted realm setup and use the
authnname and setup a number of users to control the access.
Part I: Restricting access.
Using a authorization file on the folder in question is also
possible, but if your users create subfolders, then they will
be prompted to reauthenticate as they traverse the subfolders.

Using the Authusername might be easier.

Part II: Secure vs. unsecure connections:
If you have both 80 and 443 bound to each of these
virtual websites, then users will be able to connect on each
port. Inserting the access controls mentioned at the top will
work across both. If you want to insure that users are not able
to open this connection via 80, then do not include this
port in your listen statements in http.conf.

There are many different ways to deal with this. See the following
for more details.

Binding ports and the listen option:
http://httpd.apache.org/docs-2.0/bind.html

Authentication overview.
http://httpd.apache.org/docs-2.0/howto/auth.html

Users via a password file:
http://httpd.apache.org/docs-2.0/howto/auth.html#gettingitwo rking

Users via a groups file:
http://httpd.apache.org/docs-2.0/howto/auth.html#lettingmore thanonepersonin

On Fri, 8 Nov 2002, Robert Lagana wrote:

> Hello,
i>
> Using mod_ssl .. on Apache .. I would like to secure two directories..
>
> https://www.domain.com/homedir
>
> https://www.domain.com/homedir2
>
> Now if user go to http://www.domain.com will
users
> get a pop up saying that SSL is required?
>
> Is this just a matter of having Port 80 and Port 443 enabled?
>
> Do I set these directories up as virtual hosts?
>
> Is there a link someone can provided that explains this?
>
> Thanks,
> Rob
>
>
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

------_=_NextPart_001_01C28760.7E257770
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable




charset=3DUS-ASCII">
5.5.2653.12">
RE: Securing directories



Thank you very much Paul.



Regards,

Robert



-----Original Message-----

From: Paul Bleimeyer [ HREF=3D"mailto:paulb@mayo.edu">mailto:paulb@mayo.edu]

Sent: Friday, November 08, 2002 2:45 PM

To: 'modssl-users@modssl.org'

Subject: Re: Securing directories







Rob,



You might want to use a restricted realm setup and =
use the

authnname and setup a number of users to control the =
access.

Part I: Restricting access.

Using a authorization file on the folder in question =
is also

possible, but if your users create subfolders, then =
they will

be prompted to reauthenticate as they traverse the =
subfolders.



Using the Authusername might be easier.



Part II: Secure vs. unsecure connections:

If you have both 80 and 443 bound to each of these =


virtual websites, then users will be able to connect =
on each

port. Inserting the access controls mentioned at the =
top will

work across both. If you want to insure that users =
are not able

to open this connection via 80, then do not include =
this

port in your listen statements in http.conf.



There are many different ways to deal with this. See =
the following

for more details.



Binding ports and the listen option:

HREF=3D"http://httpd.apache.org/docs-2.0/bind.html" =
TARGET=3D"_blank">http://httpd.apache.org/docs-2.0/bind.html



Authentication overview.

HREF=3D"http://httpd.apache.org/docs-2.0/howto/auth.html" =
TARGET=3D"_blank">http://httpd.apache.org/docs-2.0/howto/aut h.html FONT>



Users via a password file:

HREF=3D"http://httpd.apache.org/docs-2.0/howto/auth.html#get tingitworkin=
g" =
TARGET=3D"_blank">http://httpd.apache.org/docs-2.0/howto/aut h.html#getti=
ngitworking



Users via a groups file:

HREF=3D"http://httpd.apache.org/docs-2.0/howto/auth.html#let tingmorethan=
onepersonin" =
TARGET=3D"_blank">http://httpd.apache.org/docs-2.0/howto/aut h.html#letti=
ngmorethanonepersonin



On Fri, 8 Nov 2002, Robert Lagana wrote:



> Hello,

i> 

> Using mod_ssl .. on Apache .. I would like to =
secure two directories..



> TARGET=3D"_blank">https://www.domain.com/homedir < HREF=3D"https://www.domain.com/homedir" =
TARGET=3D"_blank">https://www.domain.com/homedir>



> TARGET=3D"_blank">https://www.domain.com/homedir2 < HREF=3D"https://www.domain.com/homedir2" =
TARGET=3D"_blank">https://www.domain.com/homedir2>



> Now if user go to HREF=3D"http://www.domain.com" =
TARGET=3D"_blank">http://www.domain.com < HREF=3D"http://www.domain.com" =
TARGET=3D"_blank">http://www.domain.com>  will users

> get a pop up saying that SSL is =
required?



> Is this just a matter of having Port 80 and =
Port 443 enabled?



> Do I set these directories up as virtual =
hosts?



> Is there a link someone can provided that =
explains this?



> Thanks,

> Rob





>



SIZE=3D2>___________________________________________________ ____________=
_______

Apache Interface to OpenSSL =
(mod_ssl)          &nb=
sp;        www.modssl.org

User Support Mailing =
List           &n=
bsp;          =
modssl-users@modssl.org

Automated List =
Manager           =
;            =
;     majordomo@modssl.org





------_=_NextPart_001_01C28760.7E257770--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Securing directories

am 08.11.2002 21:03:48 von Paul Bleimeyer

Anytime. Thats what this group is all about.
Let us know once you get things rolling.

Regards,

Paul


On Fri, 8 Nov 2002, Robert Lagana wrote:

> Thank you very much Paul.
>
> Regards,
> Robert
>
> -----Original Message-----
> From: Paul Bleimeyer [mailto:paulb@mayo.edu]
> Sent: Friday, November 08, 2002 2:45 PM
> To: 'modssl-users@modssl.org'
> Subject: Re: Securing directories
>
>
>
> Rob,
>
> You might want to use a restricted realm setup and use the
> authnname and setup a number of users to control the access.
> Part I: Restricting access.
> Using a authorization file on the folder in question is also
> possible, but if your users create subfolders, then they will
> be prompted to reauthenticate as they traverse the subfolders.
>
> Using the Authusername might be easier.
>
> Part II: Secure vs. unsecure connections:
> If you have both 80 and 443 bound to each of these
> virtual websites, then users will be able to connect on each
> port. Inserting the access controls mentioned at the top will
> work across both. If you want to insure that users are not able
> to open this connection via 80, then do not include this
> port in your listen statements in http.conf.
>
> There are many different ways to deal with this. See the following
> for more details.
>
> Binding ports and the listen option:
> http://httpd.apache.org/docs-2.0/bind.html
>
> Authentication overview.
> http://httpd.apache.org/docs-2.0/howto/auth.html
>
> Users via a password file:
> http://httpd.apache.org/docs-2.0/howto/auth.html#gettingitwo rking
>
> Users via a groups file:
> http://httpd.apache.org/docs-2.0/howto/auth.html#lettingmore thanonepersonin
>
> On Fri, 8 Nov 2002, Robert Lagana wrote:
>
> > Hello,
> i>
> > Using mod_ssl .. on Apache .. I would like to secure two directories..
> >
> > https://www.domain.com/homedir
> >
> > https://www.domain.com/homedir2
> >
> > Now if user go to http://www.domain.com will
> users
> > get a pop up saying that SSL is required?
> >
> > Is this just a matter of having Port 80 and Port 443 enabled?
> >
> > Do I set these directories up as virtual hosts?
> >
> > Is there a link someone can provided that explains this?
> >
> > Thanks,
> > Rob
> >
> >
> >
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Securing directories

am 10.11.2002 19:28:03 von Peter Viertel

I'd set these up as virtual hosts - the essence of what you want to do
here is to make http://www.domain.com/ return different information than
https://www.domain.com.

Having done that (by following the links in the other reply you got) you
then will need to set up what you want to happen on the http side of
things - there is no automatic pop-up as you were asking for.

What many do is simply configure http to do a redirect to https, like this:

Redirect / https://www.domain.com/

or you can just put up a page with a link to https and explanatory text
- which is often a good way of doing it so they have something to look
at for explanation if their SSL client is not compatible with your site
for example.

-PeterV.

Robert Lagana wrote:

> Hello,
>
> Using mod_ssl .. on Apache .. I would like to secure two directories..
>
> https://www.domain.com/homedir
>
> https://www.domain.com/homedir2
>
> Now if user go to http://www.domain.com will users get a pop up saying
> that SSL is required?
>
> Is this just a matter of having Port 80 and Port 443 enabled?
>
> Do I set these directories up as virtual hosts?
>
> Is there a link someone can provided that explains this?
>
> Thanks,
> Rob
>
>


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org