Comments on: Shared IP, multiple vhosts and multiple SSL certificates on Apache http://www.vanstormbroek.nl/blog/?p=4 Just my notes on things I've been busy with... Thu, 18 Feb 2010 08:31:23 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Stephen http://www.vanstormbroek.nl/blog/?p=4#comment-725 Stephen Fri, 07 Aug 2009 01:55:09 +0000 http://www.vanstormbroek.nl/blog/?p=4#comment-725 You should change your wording as it is misleading. You did not "solve" anything. You are just bypassing the limitation of SSL by having it redirect to port 444. Traffic will still be sent to port 80 first on vhost 2, the rewrite rule will catch it and then send it on to port 444. I'm thinking this could be potentially dangerous at some point. You should change your wording as it is misleading. You did not “solve” anything. You are just bypassing the limitation of SSL by having it redirect to port 444.
Traffic will still be sent to port 80 first on vhost 2, the rewrite rule will catch it and then send it on to port 444.

I’m thinking this could be potentially dangerous at some point.

]]> By: Orkolpoltao Benz de Goldstheyn-Rothschild http://www.vanstormbroek.nl/blog/?p=4#comment-239 Orkolpoltao Benz de Goldstheyn-Rothschild Fri, 05 Dec 2008 08:21:26 +0000 http://www.vanstormbroek.nl/blog/?p=4#comment-239 http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide_advanced.html#mass-virtual-hosting http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide_advanced.html#mass-virtual-hosting

]]> By: Mike Sharkey http://www.vanstormbroek.nl/blog/?p=4#comment-206 Mike Sharkey Mon, 08 Sep 2008 21:46:51 +0000 http://www.vanstormbroek.nl/blog/?p=4#comment-206 However, the sweon solution does not allow for multiple cert files, which I think limits you to using only sub-domains unless you have a cert that covers multiple fqdns? Right? Or am I missing something? This solution, although it consumes ports, does allow you to use the non-standard ports pretty transparently to the user, as well as allowing separate certs for each fqdn. --Mike However, the sweon solution does not allow for multiple cert files, which I think limits you to using only sub-domains unless you have a cert that covers multiple fqdns? Right? Or am I missing something?

This solution, although it consumes ports, does allow you to use the non-standard ports pretty transparently to the user, as well as allowing separate certs for each fqdn.

–Mike

]]> By: Ric http://www.vanstormbroek.nl/blog/?p=4#comment-203 Ric Wed, 20 Aug 2008 05:35:25 +0000 http://www.vanstormbroek.nl/blog/?p=4#comment-203 This requires an additional port for each virtual host and a restart of apache each time you add one. The sweon solution uses a map which can be updated and require no restart and only one port. This requires an additional port for each virtual host and a restart of apache each time you add one.
The sweon solution uses a map which can be updated and require no restart and only one port.

]]> By: drax http://www.vanstormbroek.nl/blog/?p=4#comment-5 drax Tue, 12 Feb 2008 00:38:11 +0000 http://www.vanstormbroek.nl/blog/?p=4#comment-5 Ah ok, I understand your setup. You must make sure no user submits data to the http:// version (like a form) because it *will* work (transparently of course). Good idea though, I will use it for those lazy users ;) Ah ok, I understand your setup. You must make sure no user submits data to the http:// version (like a form) because it *will* work (transparently of course).
Good idea though, I will use it for those lazy users ;)

]]> By: Guido http://www.vanstormbroek.nl/blog/?p=4#comment-4 Guido Mon, 11 Feb 2008 21:10:09 +0000 http://www.vanstormbroek.nl/blog/?p=4#comment-4 Not entirely. It is only a little trick, when people 'forget' to use the https:// and the alternative port number. All requests for a certain http://www.xyz.com/<name> are then automatically rewritten to the https:// address. For instance, when I visit http://www.xyz.com/mail and I have a rewrite rule for that location, my browser address bar will show me https://www.xyz.com:444/mail. Another way of looking at it is that with this .htaccess method, you essentially deny access to the unsecured http:// location, and force the use of https:// Not entirely. It is only a little trick, when people ‘forget’ to use the https:// and the alternative port number. All requests for a certain http://www.xyz.com/ are then automatically rewritten to the https:// address.
For instance, when I visit http://www.xyz.com/mail and I have a rewrite rule for that location, my browser address bar will show me https://www.xyz.com:444/mail.
Another way of looking at it is that with this .htaccess method, you essentially deny access to the unsecured http:// location, and force the use of https://

]]> By: drax http://www.vanstormbroek.nl/blog/?p=4#comment-3 drax Mon, 11 Feb 2008 16:17:27 +0000 http://www.vanstormbroek.nl/blog/?p=4#comment-3 Hi, Just to point out... The point of SSL is for data to be encrypted. With the technique above, the user first goes to a HTTP site, then gets redirected to a HTTPS site on a particular port. Am I right? So the data is send in cleartext to the server, the server redirects the clients, and the clients re-sends the data, via https. This defeats the whole point of SSL does it not? Thanks for the link Hi,

Just to point out… The point of SSL is for data to be encrypted. With the technique above, the user first goes to a HTTP site, then gets redirected to a HTTPS site on a particular port. Am I right?
So the data is send in cleartext to the server, the server redirects the clients, and the clients re-sends the data, via https.
This defeats the whole point of SSL does it not?

Thanks for the link

]]>