Quote:
Originally posted by stickman
You might want to reconsider having your HTTPS content as a subdirectory of your HTTP content.
|
To elaborate on what he said, if you SSL DocumentRoot is a subdirectory of your HTTP DocumentRoot, any SSL page can be viewed over non-SSL connections by simply changing the URL.
For example, suppose your HTTP DocumentRoot is set to /var/www/html and your SSL DocumentRoot is set to /var/www/html/ssl, you would view a page over SSL by typing in
https://server.domain.com/foo.html. However, you could also view the same page over a non-SSL connection by pointing your browser to
http://server.domain.com/ssl/foo.html. Sort of defeats the purpose...