Mixing SSL and non-SSL content in an Apache2 virtual host

Posted by gravyface on Server Fault See other posts from Server Fault or by gravyface
Published on 2010-03-25T20:00:23Z Indexed on 2010/03/25 20:03 UTC
Read the original article Hit count: 816

Filed under:
|
|

I have a (hopefully) common scenario for one of my sites that I just can't seem to figure out how to deploy correctly.

I have the following site and directories for example.com:

These need to require SSL:

  • /var/www/example.com/admin
  • /var/www/example.com/order

These need to be non-SSL:

  • /var/www/example.com/maps

These need to support both:

  • /var/www/example.com/css
  • /var/www/example.com/js
  • /var/www/example.com/img

I have two virtual host declarations for the one site in my /sites-available/example.com file; the top one is *:443 the second one is *:80. Since I have two sites, and if a request comes in on 443, the top virtualhost is used, same with the bottom if it's a port 80 request. However, I can't seem to enforce my SSL requirements using SSLRequireSSL because I'm assuming a port 80 request to /admin or /order is not even hitting the *:443 vhost.

Should I just Deny All to /order and /admin within the *:80 virtual host so that if you try to request it on 80, you'll get a 403 Forbidden?

© Server Fault or respective owner

Related posts about apache2

Related posts about virtualhosts