tags:

views:

106

answers:

2
Q: 

Disabling non-secure access for only one URL on one instance of apache

For example, one instance of apache is managing www.site.com/folder1/a.html www.site.com/folder2/b.html www.site.com/folder3/c.html

I need to make sure that access to www.site.com/folder3/c.html is https only.

All these folders are in the same document root.

Is this possible? If not, what you recommend as the minimum changes necessary in order to get what I want?

A: 

I believe you can do something in the Apache configuration like:

RedirectMatch /folder3/(.*) https://www.site.com/folder3/$1

Not sure if that's proper though.

Hope that helps...

Andrew Flanagan  2008-11-20 15:54:36
This results in an infinite redirection loop.
Nathan Spears  2008-11-25 23:21:09
A: 

You can try this solution:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/folder3/c.html$ https://www.site.com/folder3/c.html$1 [R,L]

With this solution you can also define which kind of redirection to apply. And, the most important, the rule will only run when in HTTP scheme.

Pierre-Yves Gillier  2008-11-20 16:30:07
This looked so technical that I thought it must be right! However I can't get any response from this code. Is there some preliminary step I need to take before using this code?
Nathan Spears  2008-11-25 23:24:08

related questions

How would you implement a secure static login credentials system in Java?
Blocking https url's in a embedded gecko browser
Restrict Apache to only allow access using SSL for some directories
How to put up an off-the-shelf https to http gateway?
Rails SSL Requirement plugin -- shouldn't it check to see if you're in production mode before redirecting to https?
What's the best way to learn server RESTful code?
Force HTTPS. How is it possible?
How can I get LWP to validate SSL server certificates?
What must I do to make content such as images served over HTTPS be cached client-side?
What does a PHP developer need to know about https / secure socket layer connections?
What's a clean/simple way to ensure the security of a page?
Making sure a web page is not cached, across all browsers.
Best way in asp.net to force https for an entire site?
Any way to handle Put and Delete verbs in ASP.Net MVC?
Response.Redirect with POST instead of Get?
How to get the correct Content-Length for a POST request.
IIS7: HTTP->HTTPS Cleanly
[ASP.NET ERROR] The request was aborted: Could not create SSL/TLS secure channel.
Testing HTTPS files with MAMP
How do banks remember "your computer"?
Avoid traffic shaping by using ssh on port 443
Convince Firefox to send an If-Modified-Since header over HTTPS
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
Options for Google Maps over SSL