[lug] ssl apache paths

dio2002 at indra.com dio2002 at indra.com
Tue Aug 14 16:35:18 MDT 2007

>> for example, instead of having ssl protection on the entire domain
>> site.com, i'd like to only apply it selectively to site paths:
>> site.com/login/*
>> site.com/configure/*
>> site.com/dothis.php
> You would have to do this with redirects or something.
> Ie, when someone goes to one of those dirs via a http: link, you
> rewrite it to https and so on. Not easy to do, but possible.

Here's a twist on the similar theme.  Is it possible to limit (fw) selective
php paths to a given ip address using apache directives?  kind of like
an allow or deny hosts but on an url path(s) versus the entire domain.

For instance, to help lockdown security on a site, say i limit:


to access only from xxx.xxx.xxx.xxx while all other urls are free
to the public.  that doesn't do anything for cleartext logins but
it does limit who can try to login.

iptables firewalls at the port level.  i want to limit
the access a little higher up the food chain.

> Yes. Each ssl host needs to have it's own IP.
> The name based virtual stuff takes place after the ssl handshake
> between your server and the browser. It already has to know the
> hostname it's going to to verify the ssl certificate. You can't do
> multiple ones in a single IP...

Darn!  i guess ip aliasing is my only option here.  i'm trying to
find a way to do this without having to buy more ip addresses.

> There is one exception. You can get a wildcard ssl cert.
> Basically instead of being issued to one host, it's issued to
> '*.domain.com" so any host in that domain validates.

I need separate domains

Anybody have an idea of how much overhead ssl adds when used? a little,
moderate, a lot?


More information about the LUG mailing list