Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: how to make apache only use https |
|
| Author |
|
pearsont74
Joined: 30 Oct 2007
Posts: 2
|
 Posted: Tue 30 Oct '07 16:38 Post subject: how to make apache only use https |
 |
|
ok...i have a working site on windows 2k with the latest apache + mod_ssl +openssl.
I have a valid ssl cert installed and its all working great but it is accessible via http too....how can i fix this?
if i change the listen port to only 443, apache wont start.
any thoughts...i can post the config file is needed.
heres the site:
https://ftp.nbasaudits.com/ |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Wed 31 Oct '07 1:54 Post subject: |
|
|
Just a thought but no promise, you may be able to use RedirectMatch. Apache, at least my 2.2.6 adds an extra evironment variable when it is being used in SSL mode, In theory, add a redirect that if said environment variable is not found to redirect to https://whathaveyou
A way I have done it in the past is have a VHost that matched subdomain for port 80 with DirectoryIndex directive set to point to a perl script that just has two lines .. make that three
#!/usr/bin/perl
print "Location: https://whathaveyou
exit 0;
Now, for those who are going to point out that in Windoze perl is located in c:/perl/bin/perl .. my answer to that is true, if you install in default location. Install in c:\usr and you never have to change the shebang in a script for the rest of your life. At least I've been doing this for 10 years now. |
|
| Back to top |
|
fax
Joined: 05 Feb 2007
Posts: 24
|
| Posted: Wed 31 Oct '07 7:43 Post subject: |
|
|
You cannot do that in Apache itself. However you can use a firewall to only allow port 443 access yo your server.
By the way, you should hide your FULL Server Token and php existance.
This can be done via changing default.conf, the ServerToken option from Full to Prod.
From php.ini, change expose_php from On to Off.
Restart apache and people won't know you have php running from your http response header and what platfrom your apache runs on also from http response message. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Wed 31 Oct '07 10:42 Post subject: |
|
|
You can disable your vhost on port 80 if there is one.
Else comment out the # Listen 80
That apache don't start if you change Listen 80 to Listen 443 is because there must be a Listen 443 elsewhere in your httpd.conf or in an include. I guess there is a Listen 443 next to the ssl vhost. |
|
| Back to top |
|
pearsont74
Joined: 30 Oct 2007
Posts: 2
|
| Posted: Wed 31 Oct '07 14:24 Post subject: |
|
|
| James Blond wrote: | You can disable your vhost on port 80 if there is one.
Else comment out the # Listen 80
That apache don't start if you change Listen 80 to Listen 443 is because there must be a Listen 443 elsewhere in your httpd.conf or in an include. I guess there is a Listen 443 next to the ssl vhost. |
i knew it was something simple...thanks and that worked nicely. |
|
| Back to top |
|
|
|
|
|
|
