Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How do I secure Apache Alias and ScriptAlias directives?

Hi, everyone,

I'm not an admin and I appreciate your help.

Our server (10.4.8) is open to the Internet and we run SSL for secure HTTP and IMAP access for people with user accounts on the server. https requests are directed to /Library/WebServer/Secure. We're a virtual company so all server access happens over the Internet.

I've installed moinmoin (Wiki) which I need to make available only to our user accounts so I want to put it behind https requests. Aside from security problems, moinmoin is working very nicely.

Moinmoin gets installed in, for example, /usr/local/share. For Apache to reach it, I've added two lines like these to the mod_alias section of httpd.conf:

    Alias /wiki/ "/usr/local/share/moin/htdocs/"
    ScriptAlias /mywiki "/usr/local/share/moin/mywiki/moin.cgi"

Now the Wiki is reachable at www.myserver.com/mywiki. Because these aliases are defined in httpd.conf, in the plain old mod_alias section, the Wiki can be reached by either http or https requests and I can't allow that. I've tried nesting <IfModule mod_ssl.c> inside <IfModule mod_alias.c> but that didn't work after an 'apachectl graceful'.

How can I make the Wiki available only via https?

Many thanks,
Tim

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.