Passing SSL client certificates via mod_proxy_ajp to Tomcat ...
Hello,
is there a possibility to pass a SSL client certificate via mod_proxy_ajp
to Tomcat, ideally the same way mod_jk did so Tomcat is able to extract
the certificate and add it as attribute to the request?
Thanks,
Chris
SSL redirect browsers if weak encryption to a warning page
Dear all,
I am using Apache Server version: Apache/2.2.3 on Centos 5.4 (Test environment)
On Production Redhat 4 Server version: Apache/2.0.52
I have been looking for a way of:
1 - Prevent browsers with lower encryption to use my site, which I can do with the two directives below
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
2 - Redirect them to a warning page
<Directory "/">
    SSLRequireSSL
    SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >= 128) or %{REQUEST_URI} =~ m:^/errors/:
    ErrorDocument 403 /errors/403-ssl.html
</Directory>
When I use IE5 to access the site I get the following error:
Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
--------------------------------------------------------------------------------
Apache/2.2.3 (CentOS) Server at secure01.grant.co.uk Port 443
Below is my Virtual Host:
NameVirtualHost 192.168.8.40:443
<VirtualHost 192.168.8.40:443>
Serveradmin renato.oliveira [at] grant.co.uk
DocumentRoot "/var/www/secure"
ServerName secure01.granted.co.uk
ErrorLog logs/secure01-error_log
CustomLog logs/secure01.granted.co.uk-access_log common
SSLEngine on
<Directory "/">
SSLRequireSSL
    SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >= 128) or %{REQUEST_URI} =~ m:^/errors/:
    ErrorDocument 403 "Your Browser Does not support 128 Bit Encryption"
</Directory>
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /etc/httpd/conf/certs/server.crt
SSLCertificateKeyFile /etc/httpd/conf/certs/server.key
</VirtualHost>
If anyone could help me or point to the right direction, give a clue it would be very much appreciated.
I have searched loads before posting this question here.
Thank you very much in advance
Renato
Renato Oliveira
Systems Administrator
e-mail: renato.oliveira [at] grant.co.uk
Tel: +44 (0)1763 260811
Fax: +44 (0)1763 262410
www.grant.co.uk<http://www.grant.co.uk/>
Grant Instruments (Cambridge) Ltd
Company registered in England, registration number 658133
Registered office address:
29 Station Road,
Shepreth,
CAMBS SG8 6GB
UK
Please consider the environment before printing this email
CONFIDENTIALITY: The information in this e-mail and any attachments is confidential. It is intended only for the named recipients(s). If you are not the named recipient please notify the sender immediately and do not disclose the contents to another person or take copies.
VIRUSES: The contents of this e-mail or attachment(s) may contain viruses which could damage your own computer system. Whilst Grant Instruments (Cambridge) Ltd has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You should therefore carry out your own virus checks before opening the attachment(s).
OpenXML: For information about the OpenXML file format in use within Grant Instruments please visit our website <http://www.grant.co.uk/Support/openxml.html>
Re: SSL redirect browsers if weak encryption to a
On Tue, Feb 16, 2010 at 9:50 AM, Renato Oliveira
<renato.oliveira [at] grant.co.uk> wrote:
> Dear all,
>
>
>
> I am using Apache Server version: Apache/2.2.3 on Centos 5.4 (Test
> environment)
>
> On Production Redhat 4 Server version: Apache/2.0.52
>
>
>
> I have been looking for a way of:
>
> 1 – Prevent browsers with lower encryption to use my site, which I can do
> with the two directives below
>
> SSLProtocol all -SSLv2
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
>
>
> 2 – Redirect them to a warning page
>
> <Directory "/">
>
>     SSLRequireSSL
>
>     SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >= 128) or %{REQUEST_URI} =~ m:^/errors/:
>
>     ErrorDocument 403 /errors/403-ssl.html
>
> </Directory>
>
>
>
> When I use IE5 to access the site I get the following error:
>
>
>
> Forbidden
>
> You don't have permission to access / on this server.
>
>
>
> Additionally, a 403 Forbidden error was encountered while trying to use an
> ErrorDocument to handle the request.
Don't protect the directory with your ErrorDocuments if you know the
SSL connection is already forbidden.
--
Eric Covener
covener [at] gmail.com
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd.apache.org
" from the digest: users-digest-unsubscribe [at] httpd.apache.org
For additional commands, e-mail: users-help [at] httpd.apache.org
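
One way to apply the advice in the reply above, as an added example that is not part of the thread or anyone's posted configuration: keep the error pages outside the tree that carries the SSLRequire check, so the internal redirect to the ErrorDocument is not itself refused. The `/var/www/ssl-errors` path and the `Alias` are assumptions; the other values are taken from the virtual host in the question, and the access-control lines use Apache 2.0/2.2 syntax.

```apache
<VirtualHost 192.168.8.40:443>
    DocumentRoot "/var/www/secure"
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
    SSLCertificateFile /etc/httpd/conf/certs/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/certs/server.key

    # Assumed location: the warning page lives outside the protected tree
    # and is mapped into the URL space with an Alias.
    Alias /errors/ "/var/www/ssl-errors/"
    <Directory "/var/www/ssl-errors">
        # No SSLRequire here, so the 403 page can always be served.
        Order allow,deny
        Allow from all
    </Directory>

    # The key-size requirement is scoped to the site content only,
    # instead of <Directory "/">, which covers every path on the filesystem
    # and is inherited by every subdirectory, including the error pages.
    <Directory "/var/www/secure">
        SSLRequireSSL
        SSLRequire %{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >= 128
        ErrorDocument 403 /errors/403-ssl.html
    </Directory>
</VirtualHost>
```

A client that shares no cipher with `SSLCipherSuite` fails in the SSL handshake and never receives an HTTP response, so the 403 page is only reachable by clients that can connect but then fail the `SSLRequire` test.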
RE: SSL redirect browsers if weak encryption to a warning page
Eric,
Thank you for the reply?
I am sorry I don't understand it, sorry. I don't want to protect the directory, I want to have a redirect of the 403 error to a warning page.
Do you mean for me to remove the
<Directory "/"> directive?
Thank you very much
Best regards
Renato
-----Original Message-----
From: Eric Covener [mailto:covener [at] gmail.com]
Sent: 16 February 2010 15:03
To: users [at] httpd.apache.org
Subject: Re: [users [at] httpd] SSL redirect browsers if weak encryption to a warning page
On Tue, Feb 16, 2010 at 9:50 AM, Renato Oliveira
<renato.oliveira [at] grant.co.uk> wrote:
> Dear all,
>
>
>
> I am using Apache Server version: Apache/2.2.3 on Centos 5.4 (Test
> environment)
>
> On Production Redhat 4 Server version: Apache/2.0.52
>
>
>
> I have been looking for a way of:
>
> 1 - Prevent browsers with lower encryption to use my site, which I can do
> with the two directives below
>
> SSLProtocol all -SSLv2
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
>
>
> 2 - Redirect them to a warning page
>
> <Directory "/">
>
> SSLRequireSSL
>
> SSLRequire (%{SSL_PROTOCOL} != "SSLv2" and %{SSL_CIPHER_USEKEYSIZE} >= 128) or %{REQUEST_URI} =~ m:^/errors/:
>
> ErrorDocument 403 /errors/403-ssl.html
>
> </Directory>
>
>
>
> When I use IE5 to access the site I get the following error:
>
>
>
> Forbidden
>
> You don't have permission to access / on this server.
>
>
>
> Additionally, a 403 Forbidden error was encountered while trying to use an
> ErrorDocument to handle the request.
Don't protect the directory with your ErrorDocuments if you know the
SSL connection is already forbidden.
--
Eric Covener
covener [at] gmail.com