Hi, I have setup a webserver on CentOS 4.5 with NameVirtualHost. Two VirtualHost should be reachable by port 80 from outside, while the third (default) should be only reachable by https from outside but by http from inside. Since all share the same IP firewalling seems to be out of question. So is there a way to restrict that in Apache config? regards, Andreas
Andreas Kuntzagk wrote:> Hi, > > I have setup a webserver on CentOS 4.5 with NameVirtualHost. > Two VirtualHost should be reachable by port 80 from outside, while the > third (default) should be only reachable by https from outside but by > http from inside. > Since all share the same IP firewalling seems to be out of question. So > is there a way to restrict that in Apache config? >use the allow/deny directives Order Allow,Deny Allow from internal/subnet inside the third http section. That will force those on the outside to use https or see an error. Or maybe, just redirect them to https with RedirectMatch whether from internal or external ips.> regards, Andreas > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos
Friday 23 November 2007 09:36:48 Andreas Kuntzagk napisa?(a):> Hi, > > I have setup a webserver on CentOS 4.5 with NameVirtualHost. > Two VirtualHost should be reachable by port 80 from outside, while the > third (default) should be only reachable by https from outside but by > http from inside. > Since all share the same IP firewalling seems to be out of question. So > is there a way to restrict that in Apache config?http://httpd.apache.org/docs/2.0/mod/mod_access.html Regards, -- Tomasz Napierala System Administrator QXL Poland - Allegro.pl Team http://www.allegro.pl/
Andreas Kuntzagk wrote:> Hi, > > I have setup a webserver on CentOS 4.5 with NameVirtualHost. > Two VirtualHost should be reachable by port 80 from outside, while the > third (default) should be only reachable by https from outside but by > http from inside. > Since all share the same IP firewalling seems to be out of question. So > is there a way to restrict that in Apache config? > > regards, AndreasConfigure your virtualhosts a "SSLRequireSSL" directive would force it to be https only. When using http, it would give "Permission denied". Or a mod_rewrite. Or you could also configure your http virtualhosts in httpd.conf, while configuring your https VH in ssl.conf. Ugo