0

I have VPS with several sites and applications, and I want to run MySQL administration tool over https to avoid possibility of man-in-the-middle attack, since I often have to use mysql root password.

Now, it would not be problem at all if I had domain name specially for that purpose, since it's no problem to set up ssl virtual host. My task is to make only one (sub)folder of default virtual host https-forced.

Let's say I have /var/www with vhosts folder and everything below. If i type http://{ip-adress-of-vps} i get file that serves as index for /var/www which is default host. I want to create phpmyadmin dir below /var/www (/var/www/phpmyadmin) and to access it via https only when calling http://{ip-adress-of-vps}/phpmyadmin.

Is that possible? How to do that? If not possible, what's your best practice?

Thanks in advance.

Miloš Đakonović
  • 682
  • 3
  • 9
  • 28
  • 1
    Why can't you add a domain name? You already have a VPS, so don't you have some kind of domain control? You could make a subdomain like phpmyadmin.domain.com – Halfgaar Jun 22 '13 at 21:36

1 Answers1

3

It is not possible in apache. The SSLEngine is enabled per virtual host.

What you need to do is create an additional virtual host, and create a specific directory block for the directory you want to work like this. Deny all access to it. Then, use mod_rewrite to redirect users to the HTTPS URL when they query that part of the site with HTTP.

A better solution is to use a separate domain name for your secure content.

Falcon Momot
  • 25,244
  • 15
  • 63
  • 92