Markie
Posts: 251
|
| Posted: 08/01/2007, 3:41 AM |
|
On my Linux server, I have this paths:
/var/www/html
and
/var/www-ssl/html
The pages in /var/www/html can be accessed by http://
The pages in /var/www-ssl/html can be accessed by https:// (ssl protocol)
I want to put my project pages in /var/www/html. However, the pages have to restricted and will only be available after the visitor of the website has logged in.
Now, I want to put the login page in /var/www-ssl/html , so when somebody enters his credentials (username, passwd) it's in the protected SSL area. After loggin in, the visitor can open the pages in /var/www/html
I'm a bit stuck how to do this, somebody ?
_________________
The Netherlands, GMT+1
Tools: CCS 5.1, Windows 7, Navicat, Ultraedit
Local server: XAMPP with Apache, php and MySQL
Webserver: Windows 2008 IIS 7, php and MySQL |
 |
|
wkempees
|
| Posted: 08/01/2007, 3:55 AM |
|
if /var/www is the default directory your domain is pointing to
meaning that if you address the URL you are in fact IN /var/www
then you are facing sort of a problem.
Because /var/www-ssl is not in you tree, in fact it is "out-of-reach"
Which may be the start of your problem.
But, why do this anyway?
Walter
(gegroet)
"Markie" <Markie@forum.codecharge> schreef in bericht
news:546b0634d8fb0a@news.codecharge.com...
> On my Linux server, I have this paths:
>
> /var/www/html
>
> and
>
> /var/www-ssl/html
>
> The pages in /var/www/html can be accessed by http://
>
> The pages in /var/www-ssl/html can be accessed by https:// (ssl protocol)
>
> I want to put my project pages in /var/www/html. However, the pages have
> to
> restricted and will only be available after the visitor of the website has
> logged in.
>
> Now, I want to put the login page in /var/www-ssl/html , so when somebody
> enters his credentials (username, passwd) it's in the protected SSL area.
> After
> loggin in, the visitor can open the pages in /var/www/html
>
> I'm a bit stuck how to do this, somebody ?
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.yessoftware.com/
>
|
|
|
|
Markie
Posts: 251
|
| Posted: 08/01/2007, 5:04 AM |
|
Hi Walter,
I don't use a domain, I will only work with the IP address.
You ask me why I do it this way, I suppose there is another way to do it ?
Is it possible to use ssl for the login page and don't use it for the other pages ?
I have noticed in Project > Settings > Server / script > Secure Server URL
What's the solution ?
thanks again
_________________
The Netherlands, GMT+1
Tools: CCS 5.1, Windows 7, Navicat, Ultraedit
Local server: XAMPP with Apache, php and MySQL
Webserver: Windows 2008 IIS 7, php and MySQL |
|
|
|
wkempees
|
| Posted: 08/01/2007, 5:40 AM |
|
As far as I know, you do not have to use a separate directory.
You "just" need to redirect the user through the ssl port
It is a bit far fetched to toally discuss the ins and outs of this here.
Also I do not have all the answers but mostly we do this:
we use only one 'root directory' for a domain (i.e. /var/www)
Through .htaccess we redirect the request to the https: part of the domain
I think the Project settings just give you an opportunity to 'tell' the
application the ssl URL.
If in doubt, post to support or await better answer.
Walter
"Markie" <Markie@forum.codecharge> schreef in bericht
news:546b076e906c20@news.codecharge.com...
> Hi Walter,
>
> I don't use a domain, I will only work with the IP address.
> You ask me why I do it this way, I suppose there is another way to do it ?
>
> Is it possible to use ssl for the login page and don't use it for the
> other
> pages ?
> I have noticed in Project > Settings > Server / script > Secure Server URL
>
> What's the solution ?
>
> thanks again
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.yessoftware.com/
>
|
|
|
|
wkempees
|
| Posted: 08/01/2007, 5:45 AM |
|
Google:
"htaccess ssl redirect"
|
|
|
|
datadoit.com
|
| Posted: 08/01/2007, 6:44 AM |
|
..htaccess as suggested is good, quick solution as suggested.
If all you're doing is protecting the login credentials and nothing
else, then look at using Javascript to encrypt before posting across the
wire.
|
|
|
|
|
 |
|
|
|
