Re: apache and apache-ssl
> I'm somewhat confused about the configuration of apache and apache-ssl.
> I noticed that by default they both share the same document root,
> server root, and run under the same system user. I read about the
> different methods of authentication on the apache site, as well as
> .htaccess files, but didn't see a way to restrict access of certain
> pages to a secure connection only. Am I missing something or should I
> be setting up apache and apache-ssl to have separate document roots,
> server roots, and system users?
apache-ssl doesn't provide access restrictions. It provides encrypted data.
You can still access all the web pages under apache-ssl, but no one can
sneak in and steal your information (credit cards) from what you POST to
If you are looking for access restrictions, then .htaccess is a start.
Not having the docs in front of me, I have to venture a guess that there
is a different configuration for http and https document roots that you
have to set up.