httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Turner <>
Subject Re: [users@httpd] Redirecting htaccess over SSL, then back to port 80?
Date Tue, 07 Jul 2009 17:40:06 GMT
On Tue, Jul 7, 2009 at 10:25 AM, Paul Reilly<> wrote:

> I don't want to force all web access over HTTPS, just the .htaccess
> authentication.

Assuming you're doing standard HTTP Authentication, it doesn't work
that way.  Once you get the login popup, every subsequent request by
the browser sends the same authentication token (username & password
in clear text) to the server.

Hence, doing SSL for the first request doesn't really add to your
security since all the other requests would send the username &
password in clear text (some people think the user & pass are
"encrypted" but it's really just base64 encoding).

Aaron Turner - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message