Mailinglist Archive: opensuse (1420 mails)

< Previous Next >
Re: [opensuse] Obscure http -> https redirection in Firefox
On 01/16/2014 05:30 PM, Stefan Gofferje wrote:
On 01/12/2014 11:40 AM, David C. Rankin wrote:
For your http/https virtual servers. How is apache handling the transfer to
https with redirection or with mod_rewrite and address rewriting?
Neither. I have 1 https vhost and the rest is http. So, I just have the
virtualhost configuration.

I tried your URL with http and I get nothing, just a blank white page. With
https I get all the warnings and things that make me think I'm about to
get shot.
Jeps, that's how it's supposed to be. As I said, I use the http host for
dumping stuff that's too big to send by email. I just mail direct links
then. So there's nothing really going on on the http host.

That works. You can provide yourself with secure access to your server and
provide open areas very easily. If you ever have the need, the most flexible way
I have found is to use the per-directory re-write to https I describe earlier,
and then to provide or restrict access using the Berkley database hash via
dbmmanage to setup/manager the password hash file. You are then free to create
and define any directory you want under /srv/http to suit your needs. For
example, I have a scratch share I use. After setting up your password file,
simply provide and include in httpd.conf like 'Include
conf/extra/httpd-local.conf' and then in httpd-local.conf define a directory
like:

<Directory "/srv/http/dcr">
Options +Indexes +FollowSymLinks
IndexOptions FancyIndexing IconsAreLinks FoldersFirst
AllowOverride AuthConfig Options FileInfo Limit

## rewrite outside http request to https
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^192\.168\.6\.
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</IfModule>

## require authentication to access the share
AuthType Basic
AuthName "AnyUniqueName"
AuthBasicProvider dbm
AuthDBMType DB
AuthDBMUserFile /usr/local/lib/apache2/dcraccess
Require valid-user
Order allow,deny

## provide intranet access w/o auth
Allow from 192.168.6.
Satisfy Any
</Directory>

It's a pretty slick way to define who gets access to what from where. You can
define any number of directories and have as many "AnyUniqueName" access zones
as you would like. You will need self-signed certificates, but it seems you
already have that.

If you see where I can fix things, please let me know as well.

--
David C. Rankin, J.D.,P.E.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >