httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pol Hallen" <apach...@fuckaround.org>
Subject Re: [users@httpd] https before auth
Date Wed, 10 Jul 2013 17:12:23 GMT
I'm not sure but add:

SSLOptions +StrictRequire
SSLRequireSSL

seems resolve the problem

Is it correct?

thanks!

> Hi all :-)
>
> working on my last post I configured a https rewrite and auth basic:
>
> default
> [...]
> <IfModule mod_rewrite.c>
> <IfModule mod_ssl.c>
> <Location /test>
> RewriteEngine on
> RewriteCond %{HTTPS} !^on$ [NC]
> RewriteRule . https://example.org/test [L]
> </Location>
> </IfModule>
> </IfModule>
> [...]
>
> default-ssl
>
> [...]
> <Directory "/var/www/test">
> Options +SymLinksIfOwnerMatch +Multiviews +Indexes
> AuthType Basic
> AuthName "Authentication Required"
> AuthUserFile "/etc/htpasswd/test"
> Require valid-user
> Order allow,deny
> Allow from all
> </Directory>
> [...]
>
> Now: when I do http://example.org/test, I see access form to
> authentication before the rewrite to https (or no?) - because after login
> I'm in https page.
>
> Is my authentication encrypted, I think no... any idea?
>
> Thanks for help!
>
> Pol
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message