httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45801] SSLRequireSSL with strictrequire and satisfy any does not behave as expected
Date Fri, 05 Jun 2009 17:53:24 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45801

--- Comment #4 from Liam Morland <Liam@Morland.ca>  2009-06-05 10:53:22 PST ---
The desire to redirect from http to https is a common one. Getting it right is
important for security. One can use mod_rewrite to do this, but not if
SSLRequireSSL is specified. One of the reasons for SSLRequireSSL is "for
defending against configuration errors that expose stuff that should be
protected". It's handy to have a simple, one-line configuration which provides
that security.

My suggestion: create an optional parameter so that one could put in a config
file "SSLRequireSSL Redirect". This would issue a redirect to non-SSL
connections before any other access controls or authentication would be tested.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
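
An added example, not part of the original message and not the httpd project's own configuration: one way to get the redirect today, without the proposed `SSLRequireSSL Redirect` parameter, while keeping `SSLRequireSSL` as the guard against configuration errors. The host name, directory and certificate paths are constructed placeholders.

```apache
# Added example (constructed): www.example.com, /var/www/secure and the
# certificate paths are placeholders, not values from the bug report.

# Guard at server level so it applies to every virtual host. If the port-80
# redirect below is ever removed or broken, plain-HTTP requests for this
# directory are refused with 403 instead of being served.
<Directory "/var/www/secure">
    SSLRequireSSL
</Directory>

# Port 80 does nothing except redirect. Redirect in virtual-host context is
# applied during URL translation, which runs before the access-check phase
# in which SSLRequireSSL denies the request, so the client receives the 301.
# A rewrite or redirect placed in .htaccess or inside <Directory> runs after
# that access check and is never reached.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

# Port 443 serves the protected content.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot "/var/www/secure"
    SSLEngine on
    SSLCertificateFile    "/path/to/server.crt"
    SSLCertificateKeyFile "/path/to/server.key"
</VirtualHost>
```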
