From owner-freebsd-questions Wed Jul 19 15:32:13 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mail.airmail.net (mail.airmail.net [206.66.12.40]) by hub.freebsd.org (Postfix) with SMTP id 9702737B662 for ; Wed, 19 Jul 2000 15:32:10 -0700 (PDT) (envelope-from menzies1@airmail.net) Received: from user from [207.136.60.163] by mail.airmail.net (/\##/\ Smail3.1.30.16 #30.438) with smtp for sender: id ; Wed, 19 Jul 2000 17:32:09 -0500 (CDT) Received: by localhost with Microsoft MAPI; Wed, 19 Jul 2000 17:35:01 -0500 Message-ID: <01BFF1A7.AA6D8580.menzies1@airmail.net> From: ASe User Reply-To: "menzies1@airmail.net" To: "'freebsd-questions@FreeBSD.ORG'" Subject: SSL and .htaccess Date: Wed, 19 Jul 2000 17:34:50 -0500 Organization: Advanced Systems for Education, Inc. X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, I have purchased space from an ISP on a FreeBSD 3.2 shell. I'm trying to set up a web site that has certain directories available only to certain people. .htaccess worked very well, and I have all the security in place. Then I implemented SSL. Now I seem to have no security at all as long as I use SSL. For instance, if I request http://www.advsysedu.com/private/password/.htpasswd I get security. If I request the same page with SSL https://air12.airweb.net/advsysed/private/password/.htpasswd I get a listing of the password file on my browser. Is there something I can do within htaccess to secure SSL? For instance, I am currently using GET POST PUT HEAD in my .htaccess file. Is there another I can add for SSL? Is there something like SSLDenySSL for FreeBSD? If so, how do I use it? Thanks for any help you can give me. Regards, Wes Menzies To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message