构建安全的e-commerce服务器(3)

 SSL：

在httpd.conf中打开SSL

Port 80

Listen 80

Listen 443

SSLSessionCache dbm:/usr/local/apache/ logs/ssl_scache

SSLSessionCacheTimeout 1200

# For increased performance use "SSLMutex sem" instead of the line below

SSLMutex file:/usr/local/apache/logs/ssl_mutex

SSLLog /usr/local/apache/logs/ssl_engine_log

# change the log level default from "info" to "warn"

SSLLogLevel warn

SSLOptions +OptRenegotiate

 打开虚拟主机的SSL支持：

# Within the ...

SSLEngine on

# Replace with certificate file name

SSLCertificateFile /usr/local/apache/conf/ssl.

cert/

# Replace with key file name

SSLKeyFile /usr/local/apache/conf/ssl.key/

SSLVerifyClient none

 定制SSL的LOG格式：

LogFormat clfa "%h %l %u %t /"%r/" %>s %b/ %{SSL_PROTOCOL}x  %{SSL_CIPHER}x /"%{SSL_CLIENT_S_DN_CN}x/""

CustomLog /usr/local/apache/logs/access_log clfa

 被保护的目录：

SSLCipherSuite HIGH: MEDIUM

AuthType Digest

AuthName "Beta code testing"

AuthDigestDomain /test/ http://test.my.dom/beta/

AuthDigestFile /usr/local/apache/conf/

digest_pw

Require valid-user