SSL protection for a Directory on the Web server

Posted on 2006-04-05
Last Modified: 2010-04-11
Let's say that my web site doesn't really require SSL support as a whole, but just the apps and data that run in just a single secure directory on my web server.  Is it possible to somehow setup the SSL to protect only that single directory's contents.  How would I set that up? How would I link to the apps and documents stored there? My web site calls the contents of the secure directory using relative links now.  Would I have to change that to some HTTPS address?

Appreciate any and all help.


Question by:tony_trotter
    LVL 3

    Accepted Solution

    What webserver are u using, IIS? Apache?

    It's pretty easy to setup SSL on only a specific directory, but in IIS you have to define the certificate for the entire site. Then on the subdirectory only you check the box "require ssl".  Other directories do not have the "require ssl" option checked.
    This option can be found by right clicking on the subdirectory you want choose properties, then choose directory security at the bottom is Certificates, click the edit button and check the box require SSL

    Under Apache, just put the SSLEngine and Certificate directives inside the <Directory> attributes as needed.

    Links to the secured directory need to be prefexed with https://yoursite/yourdirectory/yourfile, etc.

    If you are serving these pages to users from behind a firewall, make sure they can access port 443 as this is the default port used for http(s) connections

    Hope this helps

    LVL 51

    Assisted Solution

    simply use https:// instead of http:// in all your references
    the pages found in the SSL protected area should only use relative URLs (except those pointing outside that SSL area)

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now