Could it be that your DocumentRoot directive in your httpd-ssl.conf file points to somewhere that you haven't granted access to? I would have thought that c:/Apache/htdocs/ssldocs would be available anyway with it being under your htdocs directory, but it's worth a try. Have you changed your DocumentRoot directive to point to c:/Apache/htdocs/ssldocs? Try adding
somewhere inside your <VirtualHost _default_:443></VirtualHost> element.
Did you confirm that the default general SSL config worked before tweaking it to restrict SSL to this directory?
Oh and I know that the Windows file-system is not case-sensitive, but I'm not sure about whether or not letter casing matters when specifying files/directories to Apache. Could it be something as simple as the c:/ needing to be changed to C:/? I have absolutely no experience with Apache on Windows, so I don't know if things like that will matter or not.
Well the SSL protocol it self works. As long as I keep the "SSLdocs" directory inside my htdocs directory. The problem with it being inside the htdocs directory. Is that a user could type into the browser "http://mysite.com/SSLdocs" and now they've reached a secure section that isn't secure. You see what I'm saying?
I want my UN-encrypted directory and my Encrypted directory to be completey seperated. So that theres no way you can jump from one to the other.
So basically if I type in my browser "http://mysite.com/" apache will serve files from "htdocs".
But, If I type in "https://mysite.com/" apache will serve from "SSLdocs".
Which in a sense it does now with "SSLdocs" INSIDE "htdocs".
The issue is that I can still type in "HTTP://mysite.com/SSLdocs" and apache serves the files unencrypted.
Surely there must be a simple way to tell apache that I have two seperate directorys.
"c:/apache/htdocs" < Standard Protocol (*:80)
"c:/apache/SSLdocs" < SSL Protocol (*:443)
On windows the directories are not case-sensitive.
The reason I can't get this to work is because if SSLdocs directory is NOT inside htdocs directory apache acts like the SSLdocs directory is not allowed.
So there is something that tells apache not to let users in any other directory then htdocs. I need to change that something to allow another directory "SSLdocs".
Oh. I think I get it now. So your SSL docs directory is next to your htdocs. Well that explains why you're getting the 403, then. I can't believe it didn't click sooner. I'm pretty sure you can probably do it simply by keeping the DocumentRoot directive in ssl.conf pointing to your SSL docs directory, and keeping the SSL docs directory as a sibling of the htdocs directory (rather than a child), and then allowing access to the directory via some instructions placed in the httpd.conf file.
I'll have a fiddle with the directory structure and config on one of my hosts and see if I can do it this way. I'll post back soon with hopefully simple instructions.
to your httpd.conf file
Allow from all
in your httpd-ssl.conf file and you should be ready to rock 'n' roll. Just make sure to replace "seacritz" with the name of your SSL directory, and remember that Apache will require a restart for the changes to take effect.
Sorry it took so long to sort it.
Stephen you are the mo frikin MAN!!
That works perfectly!
Thank you very much!!!
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)