Apache config for sending only username/password via https/ssl

Previous topic

Setup & design

Next topic

Author	Message
Jonny Bergkvist	Monday 27 October 2003 12:19:29 pm I have a eZ 3.2-site on Debian with Apache and Apache-SSL (not mod-ssl): I have achieved to send all username/password in https (encrypted), and everything else goes in http (clear-text). In apache/http it does a rewrite to https if you request a url-path that begins with /user. And in apache-ssl/https it does a rewrite to http if you request another url-path than /user. From /etc/apache/httpd.conf: <VirtualHost > <Directory /ezroot> Options FollowSymLinks Indexes ExecCGI AllowOverride None Order deny,allow allow from all </Directory> ServerAdmin webmaster@hostname.com ServerName hostname.domain.com ServerAlias admin.hostname.domain.com DocumentRoot /ezroot/ RewriteEngine On RewriteRule ^/user(.)$ https://%{HTTP_HOST}/user$1 [L] RewriteRule !\.(gif\|css\|jpg\|png\|jar\|ico\|js)$ /ezroot/index.php </VirtualHost> From /etc/apache-ssl/httpd.conf: <VirtualHost > <Directory /ezroot> Options FollowSymLinks Indexes ExecCGI AllowOverride None Order deny,allow allow from all </Directory> ServerAdmin webmaster@domain.com ServerName hostname.domain.com ServerAlias admin.hostname.domain.com DocumentRoot /ezroot/ SSLCACertificatePath /etc/apache-ssl/cert SSLCACertificateFile /etc/apache-ssl/cert/ca.txt SSLCertificateFile /etc/apache-ssl/cert/certificate.crt SSLCertificateKeyFile /etc/apache-ssl/cert/private.key RewriteEngine On RewriteRule ^/user(.)$ /ezroot/index.php [L] RewriteRule ^(.*) http://%{HTTP_HOST}$1 [L] </VirtualHost> The only problem I have found with this config is that if you are not authenticated and open url: http://admin.hostname.domain.com/ then you are presented the login-page without the /user/login appended in the url-path. I think I must hack some of the php-code to append the /user/login to the url in order to get redirected to https...? Except for that is seems to work fine. Please give me feedback about this config :-) Regards, Jonny
Jonny Bergkvist	Tuesday 28 October 2003 4:34:52 am I just found a solution that works for the http://admin.hostname.domain.com/ when not autenticated: I repeat the rewrite-stuff including the new entries: /etc/apache/htttp.conf: RewriteEngine On RewriteCond %{HTTP_HOST} ^admin\.hostname\.domain\.com [NC] RewriteRule ^/$ https://%{HTTP_HOST} [L] RewriteRule ^/user(.)$ https://%{HTTP_HOST}/user$1 [L] RewriteRule !\.(gif\|css\|jpg\|png\|jar\|ico\|js)$ /ezroot/index.php /etc/apache-ssl/httpd.conf: RewriteEngine On RewriteRule ^/user(.)$ /ezroot/index.php [L] RewriteRule ^/$ /ezroot/index.php [L] RewriteRule \.(gif\|css\|jpg\|png\|jar\|ico\|js)$ %{REQUEST_URI} [S=1] RewriteRule ^(.*) http://%{HTTP_HOST}$1 [L]

Author

Message

Jonny Bergkvist

Monday 27 October 2003 12:19:29 pm

I have a eZ 3.2-site on Debian with Apache and Apache-SSL (not mod-ssl):

I have achieved to send all username/password in https (encrypted), and everything else goes in http (clear-text).

In apache/http it does a rewrite to https if you request a url-path that begins with /user.

And in apache-ssl/https it does a rewrite to http if you request another url-path than /user.

From /etc/apache/httpd.conf:
<VirtualHost *>
<Directory /ezroot>
Options FollowSymLinks Indexes ExecCGI
AllowOverride None
Order deny,allow
allow from all
</Directory>

ServerAdmin webmaster@hostname.com
ServerName hostname.domain.com
ServerAlias admin.hostname.domain.com
DocumentRoot /ezroot/

RewriteEngine On
RewriteRule ^/user(.*)$ https://%{HTTP_HOST}/user$1 [L]
RewriteRule !\.(gif|css|jpg|png|jar|ico|js)$ /ezroot/index.php
</VirtualHost>

From /etc/apache-ssl/httpd.conf:
<VirtualHost *>
<Directory /ezroot>
Options FollowSymLinks Indexes ExecCGI
AllowOverride None
Order deny,allow
allow from all
</Directory>

ServerAdmin webmaster@domain.com
ServerName hostname.domain.com
ServerAlias admin.hostname.domain.com
DocumentRoot /ezroot/

SSLCACertificatePath /etc/apache-ssl/cert
SSLCACertificateFile /etc/apache-ssl/cert/ca.txt
SSLCertificateFile /etc/apache-ssl/cert/certificate.crt
SSLCertificateKeyFile /etc/apache-ssl/cert/private.key

RewriteEngine On
RewriteRule ^/user(.*)$ /ezroot/index.php [L]
RewriteRule ^(.*) http://%{HTTP_HOST}$1 [L]
</VirtualHost>

The only problem I have found with this config is that if you are not authenticated and open url: http://admin.hostname.domain.com/ then you are presented the login-page without the /user/login appended in the url-path. I think I must hack some of the php-code to append the /user/login to the url in order to get redirected to https...?

Except for that is seems to work fine. Please give me feedback about this config :-)

Regards, Jonny

Jonny Bergkvist

Tuesday 28 October 2003 4:34:52 am

I just found a solution that works for the http://admin.hostname.domain.com/ when not autenticated:

I repeat the rewrite-stuff including the new entries:

/etc/apache/htttp.conf:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^admin\.hostname\.domain\.com [NC]
RewriteRule ^/$ https://%{HTTP_HOST} [L]

RewriteRule ^/user(.*)$ https://%{HTTP_HOST}/user$1 [L]
RewriteRule !\.(gif|css|jpg|png|jar|ico|js)$ /ezroot/index.php

/etc/apache-ssl/httpd.conf:
RewriteEngine On
RewriteRule ^/user(.*)$ /ezroot/index.php [L]
RewriteRule ^/$ /ezroot/index.php [L]
RewriteRule \.(gif|css|jpg|png|jar|ico|js)$ %{REQUEST_URI} [S=1]
RewriteRule ^(.*) http://%{HTTP_HOST}$1 [L]

eZ debug

Timing:	Jan 19 2025 04:24:10
Script start
Timing:	Jan 19 2025 04:24:10
Module start 'layout'
Timing:	Jan 19 2025 04:24:10
Module start 'content'
Timing:	Jan 19 2025 04:24:10
Module end 'content'
Timing:	Jan 19 2025 04:24:10
Script end

Main resources:

Total runtime	0.7597 sec
Peak memory usage	4,096.0000 KB
Database Queries	52

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0058	589.4141	152.6563
Module start 'layout'	0.0058	0.0032	742.0703	39.5234
Module start 'content'	0.0090	0.7493	781.5938	479.3047
Module end 'content'	0.7583	0.0014	1,260.8984	12.0938
Script end	0.7597		1,272.9922

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0038	0.4958	16	0.0002
Check MTime	0.0016	0.2107	16	0.0001
Mysql Total
Database connection	0.0007	0.0958	1	0.0007
Mysqli_queries	0.7022	92.4328	52	0.0135
Looping result	0.0005	0.0608	50	0.0000
Template Total	0.7270	95.7	2	0.3635
Template load	0.0021	0.2768	2	0.0011
Template processing	0.7249	95.4193	2	0.3625
Template load and register function	0.0001	0.0130	1	0.0001
states
state_id_array	0.0011	0.1420	1	0.0011
state_identifier_array	0.0007	0.0945	2	0.0004
Override
Cache load	0.0018	0.2381	64	0.0000
Sytem overhead
Fetch class attribute can translate value	0.0005	0.0613	1	0.0005
Fetch class attribute name	0.0013	0.1653	3	0.0004
XML
Image XML parsing	0.0016	0.2092	1	0.0016
class_abstraction
Instantiating content class attribute	0.0000	0.0012	4	0.0000
General
dbfile	0.0019	0.2554	16	0.0001
String conversion	0.0000	0.0013	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	full/forum_topic.tpl	extension/sevenx/design/simple/override/templates/full/forum_topic.tpl
2	content/datatype/view/ezimage.tpl	<No override>	extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tpl
2	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
12	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
10	content/datatype/view/ezxmltags/line.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/line.tpl
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 28 Number of unique templates used: 6

Time used to render debug report: 0.0002 secs