[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apache and apache-ssl

> I'm somewhat confused about the configuration of apache and apache-ssl.
> I noticed that by default they both share the same document root,
> server root, and run under the same system user. I read about the
> different methods of authentication on the apache site, as well as
> .htaccess files, but didn't see a way to restrict access of certain
> pages to a secure connection only. Am I missing something or should I
> be setting up apache and apache-ssl to have separate document roots,
> server roots, and system users?

apache-ssl doesn't provide access restrictions.  It provides encrypted data.

You can still access all the web pages under apache-ssl, but no one can
sneak in and steal your information (credit cards) from what you POST to
the server.
If you are looking for access restrictions, then .htaccess is a start.

Not having the docs in front of me, I have to venture a guess that there
is a different configuration for http and https document roots that you
have to set up.

Reply to: