LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   SSL setup for one page using apache2 (http://www.linuxquestions.org/questions/linux-server-73/ssl-setup-for-one-page-using-apache2-674653/)

Carl Filby 10-06-2008 04:13 PM

SSL setup for one page using apache2
 
I need to setup SSL for this one page only

http://192.168.111.208/cgi-bin/caweb...viour=purchase

but not the whole site. How do I do it?

Matir 10-06-2008 05:42 PM

Set up SSL on your webserver with the same cgi-bin path as used for your normal setup, and then update all the links to that page to begin with https. Though, if you're doing shopping-type transactions, make sure all the pages involved in the entire transaction are secured via SSL.

Carl Filby 10-07-2008 08:09 AM

The problem is that if I setup SSL in order to use HTTPS the whole site is using HTTPS. That is not what I need. I need advice how to setup SSL so as to use SSL ONLY when needed.

Example goto southwestairlines.com and book a flight. Until you get to purchase screen you are on http. That is what I need http until get to purchase then use HTTPS.

I need to have an HTTPS and HTTP mixed environment.Where HTTPS is used when called.

Also I used this rewrite to go from http to https when needed:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^reservations.plx(.*) https://%{SERVER_NAME}/cgi-bin/cawebsite/reservations.plx$1 [R,L]

Above rewrite is located in my /etc/apache2.conf
I used: (self-signed cert temporary), after enabling SSL mod using a2enmod ssl
SSLEngine on
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
But that is global(used in apache2.conf as while)

Matir 10-07-2008 08:54 AM

You'd also need to make sure the links within those pages point to https and not http, or else sensitive data may be exposed prior to the redirect.

Carl Filby 10-07-2008 08:56 AM

Quote:

Originally Posted by Matir (Post 3302875)
You'd also need to make sure the links within those pages point to https and not http, or else sensitive data may be exposed prior to the redirect.

HTTPS does NOT work if not enabled. I need to know how to enable as need and NOT globally.


All times are GMT -5. The time now is 08:56 AM.