Re: ssl/https question

by "Steve Mount" <steve(at)saltyrain.com>

 Date:  Sun, 30 Dec 2001 00:40:36 -0500
 To:  "Lyle" <Lyle(at)lcrcomputer.com>,
"Hwg-Servers List \(E-mail\)" <hwg-servers(at)hwg.org>
 References:  lcrcomputer
  todo: View Thread, Original
Place the HTML file outside the web server's namespace, and access it only
via a CGI call.  With Apache, for example, the namespace that is "/" is
really /usr/local/etc/httpd/htdocs.  If the file is not in that directory,
it cannot be seen via an http or https call.  But a CGI running on that
server has access to the whole directory structure, and can read from or
write to that file as needed.  This may not be your answer, but might get
you thinking in the right direction...

-------------------------------------------------------------
Steve Mount, Software Engineer            steve(at)saltyrain.com
Home Site                            http://www.saltyrain.com
US Constitution Online          http://www.usconstitution.net
Free Your Soul             http://www.anonymousconfession.com


----- Original Message -----
From: "Lyle" <Lyle(at)lcrcomputer.com>
To: "Hwg-Servers List (E-mail)" <hwg-servers(at)hwg.org>
Sent: Saturday, December 29, 2001 11:54 AM
Subject: ssl/https question


> I am setting up a new site on a secure server.  Is there a way to prevent
a
> certain html page from loading via http vs. https?  It's just a plain html
> page and the submit is a post to a cgi script and I want to prevent users
> from loading it via https although all links are to the correct https
page.
> Right now there is nothing to prevent anyone from pulling up the html page
> via http, if you know the url.
>
> This is residing on a Linux server running Apache 1.13.20, btw.
>
> Thanks,
> Lyle

HWG: hwg-servers mailing list archives, maintained by Webmasters @ IWA