Turning non-SSL traffic off

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5816F.C70E88D3
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


What is the easiest and cleanest way to entirely turn all non-SSL
traffic off and only allow SSL traffic to pass through?

Thanks.

Nadeem

Note: We are trying to use mod_rewrite, and it is currently messing up
the mod_jk connector:

<IfModule mod_rewrite.c>

RewriteEngine On

#Accept nothing else than login processing on port 443

RewriteCond %{SERVER_PORT} !443

RewriteRule ^/(.*) <our domain name>/$1 [L,R]

</IfModule>


------_=_NextPart_001_01C5816F.C70E88D3
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1458" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><SPAN class=3D057423714-05072005><FONT face=3DArial size=3D2>What =
is the easiest
and cleanest way to entirely turn all non-SSL traffic off and only allow =
SSL
traffic to pass through? </FONT></SPAN></DIV>
<DIV><SPAN class=3D057423714-05072005></SPAN><SPAN =
class=3D057423714-05072005><FONT
face=3DArial size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D057423714-05072005><FONT face=3DArial =
size=3D2>Thanks.
</FONT></SPAN></DIV>
<DIV><SPAN class=3D057423714-05072005><FONT face=3DArial
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D057423714-05072005><FONT face=3DArial
size=3D2>Nadeem</FONT></SPAN></DIV>
<DIV><SPAN class=3D057423714-05072005><FONT face=3DArial
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D057423714-05072005><FONT face=3DArial size=3D2>Note:
</FONT></SPAN><SPAN class=3D057423714-05072005><SPAN
class=3D057423714-05072005><FONT face=3DArial size=3D2>We are trying to =
use
mod_rewrite, and it is currently messing up the mod_jk
connector:</FONT></SPAN></DIV>
<DIV>
<DIV><SPAN class=3D057423714-05072005><FONT face=3DArial
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D057423714-05072005><FONT face=3DArial =
size=3D2><EM><IfModule
mod_rewrite.c></EM></FONT></DIV>
<DIV>
<P><FONT face=3DArial><FONT size=3D2><EM><SPAN
class=3D057423714-05072005>    </SPAN>RewriteEngine
On</EM></FONT></FONT></P>
<P><FONT face=3DArial><FONT size=3D2><EM><SPAN
class=3D057423714-05072005>    </SPAN>#Accept nothing =
else than
login processing on port 443</EM></FONT></FONT></P>
<P><FONT face=3DArial><FONT size=3D2><EM><SPAN
class=3D057423714-05072005>    </SPAN>RewriteCond =
%{SERVER_PORT}
!443</EM></FONT></FONT></P>
<P><FONT face=3DArial><FONT size=3D2><EM><SPAN
class=3D057423714-05072005>    </SPAN>RewriteRule =
^/(.*) <SPAN
class=3D057423714-05072005><our domain name>/$1</SPAN> [L,R]
</EM></FONT></FONT></P>
<P><FONT face=3DArial
size=3D2><EM></IfModule></EM></FONT></P></SPAN></DIV></SPAN></DIV><=
/BODY></HTML>

------_=_NextPart_001_01C5816F.C70E88D3--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
Hoda Nadeem [ Di, 05 Juli 2005 16:42 ] [ ID #866867 ]

Re: Turning non-SSL traffic off

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



don't open or bind to port 80, load the mod_ssl and force the browser to
load and bind only to 443. All done in the httpd.conf. and then backed
up with the firewall or screening router to deny port 80 requests.

Thanks,

Ron DuFresne

On Tue, 5 Jul 2005, Hoda Nadeem wrote:

>
> What is the easiest and cleanest way to entirely turn all non-SSL
> traffic off and only allow SSL traffic to pass through?
>
> Thanks.
>
> Nadeem
>
> Note: We are trying to use mod_rewrite, and it is currently messing up
> the mod_jk connector:
>
> <IfModule mod_rewrite.c>
>
> RewriteEngine On
>
> #Accept nothing else than login processing on port 443
>
> RewriteCond %{SERVER_PORT} !443
>
> RewriteRule ^/(.*) <our domain name>/$1 [L,R]
>
> </IfModule>
>
>

- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

....We waste time looking for the perfect lover
instead of creating the perfect love.

-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCyr2Bst+vzJSwZikRAhDrAJ0bRcpay0dt4Gxsm/NYEQjGvdDRAgCg 2R4l
Z97Ie5WhpPi3ziXffx4Wb70=
=aVTr
-----END PGP SIGNATURE-----
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
dufresne [ Di, 05 Juli 2005 19:03 ] [ ID #866868 ]

Certificates...

Does anyone know how to save incoming certificates to disk?
Or can anyone suggest a forum for apache module writers?

Cheers
...
Pj.

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/41 - Release Date: 5/07/2005


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
PJ [ Mi, 06 Juli 2005 04:16 ] [ ID #868539 ]

Re: Certificates...

You could use the ssl_var_lookup function in a
module...

cert =3D ssl_var_lookup(r->pool, r->server,
r->connection, r, "SSL_CLIENT_CERT");

or a cgi/php page and env variables
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25.

As for module writting look at the source of the
modules that ship with apache (auth ones are an easy
start). Not sure about forums.

Regards
Matt



--- Pj <pj [at] netfire.com.au> wrote:

> Does anyone know how to save incoming certificates
> to disk?
> Or can anyone suggest a forum for apache module
> writers?
>
> Cheers
> ..
> Pj.
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/41 -
> Release Date: 5/07/2005
>
>
>
____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> User Support Mailing List
> modssl-users [at] modssl.org
> Automated List Manager
> majordomo [at] modssl.org
>



=09
____________________________________________________
Sell on Yahoo! Auctions =96 no fees. Bid on great items.
http://auctions.yahoo.com/
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
Matt Stevenson [ Mi, 06 Juli 2005 10:39 ] [ ID #868542 ]
Webserver » gmane.comp.apache.mod-ssl.user » Turning non-SSL traffic off

Vorheriges Thema: Connection time out problems
Nächstes Thema: updating ca-bundle.crt

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum