4.7. Doing HTTP and HTTPS for the same hostname

This configuration gives us a site that is only accessible by HTTPS. We might alternatively want to serve secure and insecure content from a single site, but with the content of one or more directories only available by HTTPS. We can do this by adding virtual server that accesses our content by HTTP and arranging for both virtual servers to use the same DocumentRoot.

Listen  80

<VirtualHost *:80>

  ServerName    www.dept.cam.ac.uk
  DocumentRoot  /srv/www/WWW
  CustomLog     /var/log/apache2/www.log  clf

</VirtualHost>

<VirtualHost *:443>

  ...
  DocumentRoot  /srv/www/WWW
  ...

Then we add the following outside all the VirtualHost blocks.

<Directory /srv/www/WWW/protected>
  SSLRequireSSL
</Directory>

Other variants on access control, for example requiring particular cipher suits, are also possible - see the SSLRequire directive.