?
Solved

running HTTP:// and HTTPS:// concurrently

Posted on 2006-05-04
11
Medium Priority
?
239 Views
Last Modified: 2010-03-04
hi there

i have a hosted apache application for internal and external access.

i have set up that the virtual server created uses SSL. when i connect via the https:// it connects fine.

however when i use http:// as the pre-fix, i get a blank page...?


is there a setting on setup that i have missed? or why does it do this?


thanks in advance
0
Comment
Question by:minichicken
  • 6
  • 5
11 Comments
 
LVL 15

Expert Comment

by:m1tk4
ID: 16606776
Post your <VirtualHost> container here.
0
 
LVL 12

Author Comment

by:minichicken
ID: 16607990
SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none
SSLLog logs/SSL.log
SSLLogLevel info



<VirtualHost <LAN_IP>:80>

    DocumentRoot "<PATH>\htdocs"
    ScriptAlias /cgi-bin/ "<PATH>/cgi-bin/"
    <Directory "<PATH>/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>    

       SSLEngine On
       SSLCertificateFile conf/ssl/my-server.cert
       SSLCertificateKeyFile conf/ssl/my-server.key

</VirtualHost>
0
 
LVL 15

Expert Comment

by:m1tk4
ID: 16608635
<VirtualHost <LAN_IP>:80>

This one catches your http:// requests, your https:// request go to port 443 instead of 80 and are handled either in a different container or in default config.

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Author Comment

by:minichicken
ID: 16608709

how should my Virtualhost(s) be set up?

can you give me an example?

thanks!
0
 
LVL 12

Author Comment

by:minichicken
ID: 16608743
would it be something like this:

<VirtualHost <LAN_IP>:80>
    DocumentRoot "<PATH>\htdocs"
    ScriptAlias /cgi-bin/ "<PATH>/cgi-bin/"
    <Directory "<PATH>/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>    
</VirtualHost>



<VirtualHost <WAN_IP>:443>
    DocumentRoot "<PATH>\htdocs"
    ScriptAlias /cgi-bin/ "<PATH>/cgi-bin/"
    <Directory "<PATH>/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>    
       SSLEngine On
       SSLCertificateFile conf/ssl/my-server.cert
       SSLCertificateKeyFile conf/ssl/my-server.key
</VirtualHost>

0
 
LVL 15

Expert Comment

by:m1tk4
ID: 16608883
Yes, you could even do it in one container:

<VirtualHost <WAN_IP>:443 <LAN_IP>:80>

Not sure about 1.3, in 2.0 you definitely can.
0
 
LVL 12

Author Comment

by:minichicken
ID: 16609299
maybe you can help me out here man.

i have a web based applicaton that is hosted by apache. People on the LAN connect via the LAN IP: "http://10.0.0.1" (for example). People connecting from outside the LAN connect to the WAN IP: "http://199.99.2.99" (for example).

the index.html page has 2 hyperlinks. The first link LINK_1 points to the path "http://10.0.0.1/application_path/application". LINK_1 is meant for all internal staff to connect. Naturally hyperlink LINK_2 links to the path "http://199.99.2.99/application_path/application".

what i want to achieve from this is to implement SSL over the WAN connection and not the LAN.

how would i go about it?

0
 
LVL 15

Expert Comment

by:m1tk4
ID: 16609692
Just make sure

a) your links are absolute (i.e. include full URL starting with http:/...)
b) the LINK2 starts with https://, not http.

To block WAN users from getting to the site through regular http you can set up a second VirtualServer container with <WAN_IP>:80 and do a Deny from all in it.

Is there any particular reason why you have to use IP's instead of hostnames?
0
 
LVL 12

Author Comment

by:minichicken
ID: 16610094

This brings me to my first issue where http:// gets a blank page...?

basically any URL with the WAN_IP in it must be "https://..."; and any URL with the LAN_IP must be "http://..."

To answer your question, there isn't a hostname set for the WAN_IP.

how would i go about this? how many virtual servers would i need set up?

could i have something like this:


SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none
SSLLog logs/SSL.log
SSLLogLevel info



<VirtualHost <LAN_IP>:80>
    DocumentRoot "<PATH>\htdocs"
    ScriptAlias /cgi-bin/ "<PATH>/cgi-bin/"
    <Directory "<PATH>/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>    
</VirtualHost>



<VirtualHost <WAN_IP>:80>
    DocumentRoot "<PATH>\htdocs"
    ScriptAlias /cgi-bin/ "<PATH>/cgi-bin/"
    <Directory "<PATH>/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>    

       SSLEngine On
       SSLCertificateFile conf/ssl/my-server.cert
       SSLCertificateKeyFile conf/ssl/my-server.key

</VirtualHost>
0
 
LVL 15

Accepted Solution

by:
m1tk4 earned 2000 total points
ID: 16610490
>>how would i go about this? how many virtual servers would i need set up?

2. One for <LAN_IP>:80 and <WAN_IP>:443 and one for <WAN_IP:80> with Deny from all.
0
 
LVL 12

Author Comment

by:minichicken
ID: 16612433
thanks!

i will give it atry!
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses
Course of the Month14 days, 1 hour left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question