Monday 27 October 2003 12:19:29 pm
I have a eZ 3.2-site on Debian with Apache and Apache-SSL (not mod-ssl): I have achieved to send all username/password in https (encrypted), and everything else goes in http (clear-text). In apache/http it does a rewrite to https if you request a url-path that begins with /user. And in apache-ssl/https it does a rewrite to http if you request another url-path than /user.
From /etc/apache/httpd.conf:
<VirtualHost *>
<Directory /ezroot>
Options FollowSymLinks Indexes ExecCGI
AllowOverride None
Order deny,allow
allow from all </Directory>
ServerAdmin [email protected]
ServerName hostname.domain.com
ServerAlias admin.hostname.domain.com DocumentRoot /ezroot/
RewriteEngine On
RewriteRule ^/user(.*)$ https://%{HTTP_HOST}/user$1 [L]
RewriteRule !\.(gif|css|jpg|png|jar|ico|js)$ /ezroot/index.php </VirtualHost>
From /etc/apache-ssl/httpd.conf:
<VirtualHost *>
<Directory /ezroot>
Options FollowSymLinks Indexes ExecCGI
AllowOverride None
Order deny,allow
allow from all </Directory>
ServerAdmin [email protected]
ServerName hostname.domain.com
ServerAlias admin.hostname.domain.com DocumentRoot /ezroot/
SSLCACertificatePath /etc/apache-ssl/cert
SSLCACertificateFile /etc/apache-ssl/cert/ca.txt
SSLCertificateFile /etc/apache-ssl/cert/certificate.crt SSLCertificateKeyFile /etc/apache-ssl/cert/private.key
RewriteEngine On
RewriteRule ^/user(.*)$ /ezroot/index.php [L]
RewriteRule ^(.*) http://%{HTTP_HOST}$1 [L] </VirtualHost> The only problem I have found with this config is that if you are not authenticated and open url: http://admin.hostname.domain.com/ then you are presented the login-page without the /user/login appended in the url-path. I think I must hack some of the php-code to append the /user/login to the url in order to get redirected to https...? Except for that is seems to work fine. Please give me feedback about this config :-) Regards, Jonny
|