|
|
Protection options for HTTPS Apache servers
Well, I tried this, without success. I have Complete Apache 2.0.52 installed.
SSL is configured within a
block.
It seems that you can indeed remove ciphers with:
on a per server/virtual host basis, as described in the hint and official docs, but Apache seems to stop you from adding ciphers back in per directory within a notwithstanding this hint or official apache documentation. You can, however, further remove ciphers within a
All in all, quite confusing.
cp
Ooops.. Use Location instead of Directory
Sorry this didn't work for you. It's a very slick trick so I would like to see others able to get it working.
As I noted, I didn't test the configs that I posted in the original hint and in checking one of my config files where I'm doing something slightly different (overriding SSLVerifyClient and setting it to None for a particular subspace where I don't want to require a client side certificate) I noticed that I'm using a Location rather than Directory directive. When I posted I checked the Apache doc which seemed to say that both were supported so I posted an my hint using Directory. In testing I found that a Directory section did not work as you found. Using Location instead worked just fine. So the config should read: # This is all inside a VirtualHost tag Location / SSLVerifyClient None SSLCipherSuite -ALL SSLRequireSSL /Location Location /books/ SSLCipherSuite HIGH SSLRequireSSL /LocationSo try it in a Location block and please let me/us know if it works. My WAG (wild a$$ guess) is that Apache isn't properly taking the URL from the request and figuring out which Directory block(s) apply and what the SSL settings are. Using a Location block probably makes it easier for Apache to do the right thing. -m |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.08 seconds |
|