2.3.156 SSLRequireSSL
SSLRequireSSL prohibits non-SSL access.
Description
SSLRequireSSL prohibits non-SSL access. If this directive is specified, HTTP access is denied with the status code 403 Forbidden, even when SSL is disabled by the SSLDisable directive. This directive prevents the inadvertent disabling of SSL and inadvertent disclosure of content that might occur if other directives are incorrectly specified.
Syntax
SSLRequireSSL
Locations where it can be written
httpsd.conf, <VirtualHost>, <Directory>, and .htaccess
Overwrite permission
FileInfo level
Example
<VirtualHost 172.17.40.10:443> SSLDisable ... <Directory /secure/dir> SSLRequireSSL ... </Directory> </VirtualHost>
In this example, HTTP access to port 443 of the host 172.17.40.10 is allowed, but access to the /secure/dir directory is not allowed. For HTTP access to the /secure/dir directory, the status code 403 Forbidden is returned.