From owner-freebsd-questions Wed Jul 19 16: 4:46 2000 Delivered-To: freebsd-questions@freebsd.org Received: from majordomo2.umd.edu (majordomo2.umd.edu [128.8.10.7]) by hub.freebsd.org (Postfix) with ESMTP id 2359037B65A for ; Wed, 19 Jul 2000 16:04:38 -0700 (PDT) (envelope-from gollucci@wam.umd.edu) Received: from rac10.wam.umd.edu (root@rac10.wam.umd.edu [128.8.10.150]) by majordomo2.umd.edu (8.9.3/8.9.3) with ESMTP id TAA04813; Wed, 19 Jul 2000 19:04:23 -0400 (EDT) Received: from rac10.wam.umd.edu (sendmail@localhost [127.0.0.1]) by rac10.wam.umd.edu (8.9.3/8.9.3) with SMTP id TAA28724; Wed, 19 Jul 2000 19:04:31 -0400 (EDT) Received: from localhost (gollucci@localhost) by rac10.wam.umd.edu (8.9.3/8.9.3) with ESMTP id TAA28719; Wed, 19 Jul 2000 19:04:29 -0400 (EDT) X-Authentication-Warning: rac10.wam.umd.edu: gollucci owned process doing -bs Date: Wed, 19 Jul 2000 19:04:29 -0400 (EDT) From: "Philip M. Gollucci" To: ASe User Cc: "'freebsd-questions@FreeBSD.ORG'" Subject: Re: SSL and .htaccess In-Reply-To: <01BFF1A7.AA6D8580.menzies1@airmail.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Don't put the .htpasswd file in webspace. Only put the .htaccess and .htgroup in webspace. ***************************************************************************** Philip M. Gollucci E-mail : gollucci@wam.umd.edu Philip@p6m7g8.com Phone : 301.249.6261 Major : Computer Science Electrical Engineering Current Job : Co Science, Discovery, & the Universe Webmaster ***************************************************************************** On Wed, 19 Jul 2000, ASe User wrote: > Hi, > I have purchased space from an ISP on a FreeBSD 3.2 shell. I'm trying to > set up a web site that has certain directories available only to certain > people. .htaccess worked very well, and I have all the security in place. > Then I implemented SSL. Now I seem to have no security at all as long as > I use SSL. For instance, if I request > http://www.advsysedu.com/private/password/.htpasswd I get security. If I > request the same page with SSL > https://air12.airweb.net/advsysed/private/password/.htpasswd I get a > listing of the password file on my browser. Is there something I can do > within htaccess to secure SSL? For instance, I am currently using > GET POST PUT HEAD in my .htaccess file. Is there another I can add > for SSL? Is there something like SSLDenySSL for FreeBSD? If so, how do I > use it? > > Thanks for any help you can give me. > Regards, > Wes Menzies > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message