LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-05-2006, 05:07 PM   #1
hendrixx
Member
 
Registered: Aug 2003
Location: Netherlands
Distribution: SuSE 10 Pro
Posts: 43

Rep: Reputation: 15
Question Apache using SSL on specific directory only ?


Hi all,

I am trying to use SSL on a specific directory only (https://localhost/phpmyadmin/) on my apache webserver.
This is working fine except that if for example i am using https://localhost/forum to acces my forum i am still allowed to use the SSL connection, but i want this disabled for the rest of my webserver directories.
So only if i want to acces http://localhost/phpmyadmin/ it automatically rewrites the URL to https://localhost/phpmyadmin/ and it should use the SSL connection and refuse it for the rest of the website. Any idea's how i can do this ? I have tried all sorts of configurations but i am at a loss here. Any help would be appreciated.

Thanks,
Jimmy

I am using SuSE 10 Professional with
Apache 2.2.0
PHP 4.4.2
MySQL 4.1.18
OpenSSL 0.9.7g

My configuration files:

httpd-vhosts.conf:
Code:
NameVirtualHost 192.168.10.2

#
# Local Web-server
#
<VirtualHost 192.168.10.2:80>
    DocumentRoot /srv/wwwlocal
    ServerName skywalker
    Include conf/mod-rewrite.conf
</VirtualHost>
httpd-ssl.conf:
Code:
<VirtualHost localhost:443>

DocumentRoot "/srv/wwwlocal"
ServerName skywalker:443
ServerAdmin admin@localhost
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

I did not post my http.conf file because it is a bit large i think to post here.
(but if nessecary please let me know and i will post it)

Last edited by hendrixx; 05-04-2006 at 02:01 PM.
 
Old 04-06-2006, 01:24 AM   #2
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116Reputation: 116
Try this in .htaccess:

RewriteEngine on
RewriteCond %{HTTPS}=off
RewriteRule ^phpmyadmin(.*) https://{SERVER_NAME}/phpmyadmin$1 [R,L]

RewriteCond %{HTTPS}=on
RewriteCond %{REQUEST_URI} !(phpmyadmin)
RewriteRule ^.*$ http://{SERVER_NAME}/$1 [R,L]

Should work, or should be close to working anyway. Similar syntax could be employed in your httpd.conf file.
 
Old 04-06-2006, 04:39 PM   #3
hendrixx
Member
 
Registered: Aug 2003
Location: Netherlands
Distribution: SuSE 10 Pro
Posts: 43

Original Poster
Rep: Reputation: 15
Hi jiml8,

Thanks for your quick reply, unfortunatly your suggestion doesn't work :-(

After trying to acces my webserver with https://localhost/ i see the following error messages in my log file :

Code:
192.168.10.2 - - [06/Apr/2006:22:34:03 +0200] [testuser/sid#81a17a8][rid#8245dc0/initial] (2) init rewrite engine with requested uri /
192.168.10.2 - - [06/Apr/2006:22:34:03 +0200] [testuser/sid#81a17a8][rid#8245dc0/initial] (3) applying pattern '^.*$' to uri '/'
192.168.10.2 - - [06/Apr/2006:22:34:03 +0200] [testuser/sid#81a17a8][rid#8245dc0/initial] (3) applying pattern '^/phpmyadmin/(.*)' to uri '/'
192.168.10.2 - - [06/Apr/2006:22:34:03 +0200] [testuser/sid#81a17a8][rid#8245dc0/initial] (1) pass through /
I have been trying al sorts of combinations based on your suggestion but none of them seem to work.
Somehow it doesn't allow me to rewrite the URL back to http:// instead of https://

Any idea's ?

Thanks,
Jimmy

Last edited by hendrixx; 04-06-2006 at 04:45 PM.
 
Old 04-09-2006, 11:18 PM   #4
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116Reputation: 116
So what you are saying is that it remains in https when it shouldn't.

The syntax that works in RewriteCond seems to vary according to the argument.

What about this:

Rewritecond %{REQUEST_URI} !^/phpmyadmin/

or this:

Rewritecond %{REQUEST_URI} !^.*phpmyadmin/.*

Last edited by jiml8; 04-09-2006 at 11:21 PM.
 
Old 04-16-2006, 11:49 AM   #5
hendrixx
Member
 
Registered: Aug 2003
Location: Netherlands
Distribution: SuSE 10 Pro
Posts: 43

Original Poster
Rep: Reputation: 15
Hi jiml8,

Sorry i haven't respond earlier but i was away for a week.

Quote:
Originally Posted by jiml8
So what you are saying is that it remains in https when it shouldn't.
Exactly !
It remains in https mode if i leave the /phpmyadmin/ directory.

Quote:
Originally Posted by jiml8
The syntax that works in RewriteCond seems to vary according to the argument.

What about this:

Rewritecond %{REQUEST_URI} !^/phpmyadmin/

or this:

Rewritecond %{REQUEST_URI} !^.*phpmyadmin/.*
Tried both of them ... again none of them work :-(
I am beginning to get desperate here

It looks like it doesn't detect when i am in https mode, because when i look at te logs
it only writes something to the logs when i am NOT in https mode and want to acces a page
that should be in https mode (the /phpmyadmin/ dir), but once i am in https mode it
doesn't write anything to the logs no matter what i type in the adressbar.

I have tried the following alternatives found on the internet to look for https mode :

RewriteCond %{HTTPS} ^on$
RewriteCond %{HTTPS} =on
RewriteCond %{HTTPS} !=off
RewriteCond %{HTTPS} !^off$

But none of them seem to work ... i am beginning to get out of ideas.
Any thing else i have overlooked perhaps ?

Thanks,
Jimmy

Last edited by hendrixx; 04-16-2006 at 11:51 AM.
 
Old 05-03-2006, 12:03 PM   #6
othersalem
LQ Newbie
 
Registered: May 2006
Posts: 1

Rep: Reputation: 0
Just in case...

Just in case you overlooked this - if you posted your httpd-ssl.conf code correctly then wouldn't you have an error in the DocumentRoot line...
Code:
<VirtualHost localhost:443>

DocumentRoot "/srv/wwwlocal
...
Shouldn't there be a quote at the end of the line?
 
Old 05-04-2006, 02:00 PM   #7
hendrixx
Member
 
Registered: Aug 2003
Location: Netherlands
Distribution: SuSE 10 Pro
Posts: 43

Original Poster
Rep: Reputation: 15
Hi,
You're right, that was a typing error but i didn't changed it in my post here.
Unfortunatly it doesn't solve my problem ... any idea's ?

Thanks,
Jimmy
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache Directory Listing Of NFS Mount, cannot view directory list via apache luqmana Linux - Networking 2 12-19-2005 07:03 AM
apache: ssl only for specific pages wwnexc Linux - Software 2 11-23-2005 09:29 PM
Apache 1.3.33 (debian built) and Apache SSL does not respond to the proper ports lqorg_user Linux - Networking 0 11-06-2005 05:11 PM
Searching a specific directory for a specific extension? RoaCh Of DisCor Linux - Newbie 3 08-13-2005 04:28 PM
Confusion in directory in Apache SSL installation john lee Linux - Security 2 12-16-2004 12:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration