Per-domain SSL: Apache configuration error(s)

Starting from this discussion: http://www.interworx.com/forums/showthread.php?t=539#post7973

NodeWorx (or SiteWorx?) does not configure SSL virtual hosts correctly. The provided configuration makes connections from MSIE clients very slow and CGI scripts without access to the SSL environment variables.

This is a per-domain issue, but it does not appear to be fixable by editing /home/interworx/etc/vhost-base.conf. Individual domains can be fixed by editing their SSL virtual host like this:

Change:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

To:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
 
 <Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
 </Files>
 <Directory "/home/[B]{USER}[/B]/[B]{DOMAIN}[/B]/html/cgi-bin/">
     SSLOptions +StdEnvVars
 </Directory>

Does /etc/httpd/conf/ssl-std.conf get loaded? If so, then it could be fixed like this (per domain):

Change:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

To:

<Directory "/home/[B]{USER}[/B]/[B]{DOMAIN}[/B]/html/cgi-bin/">
  SSLOptions +StdEnvVars
</Directory>

Already defined by ssl-std.conf:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
  SSLOptions +StdEnvVars
</Files>

Hello

The same tweak has to be done on interworx default:2443 conf file also

http://www.interworx.com/forums/showthread.php?t=539&page=2

We have fixed siteworx slowness like this

Pascal

You’re right. Thanks for pointing that out. I recall some users in the past saying SiteWorx was really slow, but we never got to the bottom of it.

Thanks for all the hard work guys. My only immediate concern is having the file extensions hard coded in there for the +StdEnvVars part. The obvious solution is to have this configurable but this willl take some time. I’ll make sure that we at least the the iworx side updated as that is more self contained.

Chris