Best Way to do SSL?

Willie Seabrook

Tuesday 20 January 2004 2:43:54 pm

Hi,

I need some parts of my site secured with SSL, and not others: the user login, and many parts of a user-restricted area, as sensitive information will be passed.

Would the best way to do this be to write Apache rewrite rules to redirect the user based upon the URL? For example, if I wanted to protect /content/view/full/5252 I would write a rule in Apache:

RewriteRule ^/(content/view/full/5252/.*)$ https://www.mysite.com/$1 [R]

And do this for each page I need to protect? Is there an easier way to do it? And is this secure? The only information that would be sent over HTTP in this setup would be the GET request, right? Then it would be transferred to HTTPS and the actual result of the GET request (the sensitive data) would be sent over HTTPS.

Then for my embedded user login form (that sits on my homepage) I would change the post user from http://www.mysite.com/user/login to https://www.mysite.com/user/login and the post request would go over https?

Please forgive my ignorance here, I have never done a secure site before.

Björn Dieding@xrow.de

Thursday 22 January 2004 10:39:36 am

#################
# Local SSL proxy that redirects https://domain to http://domain
#################

RewriteLock /var/lock/rewrite.lock

<VirtualHost _default_:443>
DocumentRoot "/home/www"
ServerName ssl.xrow.net
ServerAlias www.xrow.net
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl.crt/ssl.xrow.net.server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/ssl.xrow.net.server.key
SSLCACertificateFile /etc/httpd/ssl.crt/ssl.xrow.net.ca.crt

# Enable the rewrite engine for URL rewriting
RewriteEngine on
# Disable logging with the following lines:
#RewriteLog /dev/null
#RewriteLog 0
RewriteLog /var/log/httpd/sslproxy.log
RewriteLogLevel 1
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P,L]

</VirtualHost>

cool.... I like it

Looking for a new job? http://www.xrow.com/xrow-GmbH/Jobs
Looking for hosting? http://hostingezpublish.com
-----------------------------------------------------------------------------
GMT +01:00 Hannover, Germany
Web: http://www.xrow.com/

Willie Seabrook

Friday 23 January 2004 7:35:35 pm

I don't quite get it sorry :-(

With that configuration it looks like any request to the host gets re-written back to the host again???

Could you please explain a little? I can set up a secure server - I know how to do that, it's just getting it to work nicely and securely with ezpublish that I'm unsure about.

Regards,
Willie

Björn Dieding@xrow.de

Monday 26 January 2004 1:43:49 am

>With that configuration it looks like any request to the host gets re-written back to the host again???

True....

Any request to port 443 gets internally rewritten to port 80.

The flow will be like this:

client request https://www.xrow.de/user/register -> SSL proxy will make a call (no encryption needed internally) -> http://www.xrow.de/user/register (your eZ vhost) -> then the proxy will return the result from http://www.xrow.de/user/register (encrypted) to client


Lauren Matheson

Thursday 01 April 2004 11:01:02 am

Can you explain more? The client request comes on port 443, internally that is rewritten to the non-secure vhost through port 80, and the response comes out port 80? That sounds like it would drop the TCP connection?

Bruce Morrison

Thursday 01 April 2004 3:17:17 pm

I think it's the 'P' flag on the end of the rewrite rule that does all the magic.

See
http://httpd.apache.org/docs/mod/mod_rewrite.html#RewriteRule

Cheers
Bruce

My Blog: http://www.stuffandcontent.com/
Follow me on twitter: http://twitter.com/brucemorrison
Consolidated eZ Publish Feed : http://friendfeed.com/rooms/ez-publish
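
The SSL-proxy arrangement discussed in this thread, written for Apache 2.4 as an added example (not any poster's configuration). It restricts the protocol and cipher list, proxies to a fixed backend instead of http://%{HTTP_HOST}/, and redirects one sensitive path from HTTP to HTTPS; the 127.0.0.1:80 backend address and the choice of /user/ as the protected path are assumptions.

```apache
# Added example for Apache 2.4. Requires mod_ssl, mod_proxy,
# mod_proxy_http, mod_headers and mod_rewrite.
# Assumed: the eZ Publish vhost is reachable on 127.0.0.1:80 and
# /user/ is the path that must be forced onto HTTPS.

<VirtualHost *:443>
    ServerName ssl.xrow.net
    ServerAlias www.xrow.net

    SSLEngine on
    # The string in the thread starts from ALL and removes only ADH and
    # EXPORT56, which leaves LOW, EXP and SSLv2 suites enabled.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/httpd/ssl.crt/ssl.xrow.net.server.crt
    SSLCertificateKeyFile /etc/httpd/ssl.key/ssl.xrow.net.server.key

    # Fixed backend instead of http://%{HTTP_HOST}/ with [P]: the proxy
    # target no longer depends on the Host header the client sends.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:80/
    ProxyPassReverse / http://127.0.0.1:80/
    # Tells applications that read this header that the client used HTTPS.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

<VirtualHost *:80>
    ServerName www.xrow.net
    ServerAlias ssl.xrow.net
    # ... the existing eZ Publish vhost directives stay here ...

    RewriteEngine on
    # RewriteLog and RewriteLogLevel were removed in 2.4; rewrite tracing
    # is now a per-module LogLevel.
    LogLevel warn rewrite:trace1
    # Requests from the local SSL proxy are already encrypted towards the
    # client; redirecting them again would loop.
    RewriteCond %{REMOTE_ADDR} !=127.0.0.1
    RewriteRule ^/(user/.*)$ https://www.xrow.net/$1 [R=301,L]
</VirtualHost>
```

A redirect only protects what follows it: a login form has to post directly to an https:// action URL, as the first post proposes, because a POST sent to the http:// URL has already crossed the network in clear text before the redirect is issued.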
