Limiting SSL to one virtual host

Post by Richard Gratio » Sat, 06 Oct 2001 01:34:53



Hi All,

I have a webserver with about 15 v hosts. The problem is that an https
request to any host whose IP resolves to the server is given the (only)
configured SSL host. Is there a way to restrict SSL responses to only a
single v host?

TIA
Rich

 
 
 

Post by Rob Wall » Sat, 06 Oct 2001 11:13:38


I believe you need to get rid of any defaults and explicitly 'catch' all
requests to specific vhosts.
So, don't do this:
    <VirtualHost _default_:443>
    ...
    </VirtualHost>

Do this (for name based vhosts):

#put this in global config:
NameVirtualHost x.x.x.x:80
NameVirtualHost x.x.x.x:443

now for each vhost do:
#vhost1 - the SSL vhost
<VirtualHost x.x.x.x:443>
    ServerName vhost1
    DocumentRoot /vhost1docs
#for SSL only of course
    SSLEngine on
    SSLCipherSuite -ALL:RC4+RSA:+HIGH:+MEDIUM:
    SSLCertificateFile /etc/httpd/conf/ssl.crt/vhost1.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/vhost1.key
    SSLCertificateChainFile /etc/httpd/conf/ssl.crt/vhost1.crt
    <Location />
        SSLRequireSSL
    </Location>
#and any other directory stuff
</VirtualHost>

#vhost 2
<VirtualHost x.x.x.x:80>
...
</VirtualHost>
etc...

You can, of course, have a port 80 vhost for the vhost1 name (your SSL
vhost), if desired, so https://vhost1.domain and http://vhost1.domain can be
separately handled (have different DocumentRoots, logs, etc...) and you can
have multiple SSL certificates for different vhosts.
I have an Apache book that says you can't have multiple SSL'd name based
vhosts, but I do it with v. 1.3.19...


> Hi All,

> I have a webserver with about 15 v hosts. The problem is that an https
> request to any host whose IP resolves to the server is given the (only)
> configured SSL host. Is there a way to restrict SSL responses to only a
> single v host?

> TIA
> Rich


 
 
 

Post by Jorey Bum » Sat, 06 Oct 2001 15:44:46



> I have an Apache book that says you can't have multiple SSL'd name based
> vhosts, but I do it with v. 1.3.19...

You can have multiple SSL'd name based vhosts, but only one per IP. Or to
be more precise, only one SSL server per IP.

Another approach is to use VirtualDocumentRoot with your default SSL host:

 <VirtualHost _default_:443>
   UseCanonicalName        Off
   # get directory name from header:
   # for my.foo.com %1=my %2=foo
   # directory=/var/www/ssl/my/foo
   VirtualDocumentRoot     /var/www/ssl/%1/%2
   ...
 </VirtualHost>

Then any host that doesn't have a directory in /var/www/ssl/my/ will get a
404-Page Not Found error. You can also share a certificate this way, but
you will get a browser warning if the domain names don't match the
certificate. This is okay if you just want the encryption.
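
An added example, not part of the original thread or of Apache itself: a small Python audit of a config that lists catch-all SSL vhosts and the hostnames whose https requests would be answered by another host's SSL vhost, which is the behaviour the first post describes. It assumes the first SSL vhost on an IP answers every name not matched there; the sample config, address and names are constructed.

```python
import re
from collections import defaultdict
# Constructed sample modelled on this thread's configs; address and names are made up.
SAMPLE_CONF = """
NameVirtualHost 192.0.2.10:443
<VirtualHost 192.0.2.10:443>
    ServerName vhost1.example
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName vhost2.example
    ServerAlias www.vhost2.example
</VirtualHost>
<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>
"""
BLOCK = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return one record per <VirtualHost> address, in file order."""
    out = []
    for addrs, body in BLOCK.findall(conf):
        d = defaultdict(list)
        for line in body.splitlines():
            parts = line.split()
            if parts and not parts[0].startswith("#"):
                d[parts[0].lower()].extend(parts[1:])
        for addr in addrs.split():
            ip, _, port = addr.rpartition(":")
            out.append({"ip": ip or addr, "port": port if ip else "*",
                        "names": d["servername"] + d["serveralias"],
                        "ssl": [v.lower() for v in d["sslengine"]] == ["on"]})
    return out

def audit(conf):
    """Report catch-all SSL vhosts and names that another host's SSL vhost answers."""
    vhosts, first_ssl, report = parse_vhosts(conf), {}, {"catch_all": [], "answered_by": {}}
    for v in (v for v in vhosts if v["ssl"]):
        if v["ip"] in ("_default_", "*"):
            report["catch_all"].append(v["ip"] + ":" + v["port"])
        else:
            first_ssl.setdefault(v["ip"], v)  # first SSL vhost gets unmatched names
    for ip, first in first_ssl.items():
        same_ip = [v for v in vhosts if v["ip"] == ip]
        covered = {n for v in same_ip if v["ssl"] for n in v["names"]}
        for name in sorted({n for v in same_ip for n in v["names"]} - covered):
            report["answered_by"][name] = " ".join(first["names"][:1])
    return report
```

Calling `audit(SAMPLE_CONF)` reports the `_default_:443` catch-all and shows that vhost2.example and www.vhost2.example would be served by vhost1.example's SSL vhost.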

 
 
 
