Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Message-Id: <5.2.0.9.0.20021203123729.027387d0@spey>
Date: Tue, 03 Dec 2002 12:40:12 +0000
To: users@httpd.apache.org
From: Duncan Brannen <dbb@st-andrews.ac.uk>
In-Reply-To: <484A6CA492BE654395D208B1D8D5393973A5B2@SOMEXEVS001.ex.orde
 rsx.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: RE: [users@httpd] Basic Auth and SSL

At 13:14 03/12/2002 +0100, Boyle Owen wrote:
>You can't just switch it on with some "UseSSLHere" directive.
>
>You could redirect all homepages which require login to a mirror version
>under an SSL VH and then redirect requests for content under the SSL VH
>back to the HTTP site.

Content could be sent via SSL as well, I just hoped to stop browsers sending
unencrypted passwords without the users having to know do do it


>It would take quite a bit of configuration, but it is possible.
>
>Rgds,
>
>Owen Boyle
>
> >-----Original Message-----
> >From: Duncan Brannen [mailto:dbb@st-andrews.ac.uk]
> >Sent: Dienstag, 3. Dezember 2002 12:53
> >To: users@httpd.apache.org
> >Subject: [users@httpd] Basic Auth and SSL
> >
> >
> >
> >Just curious,
> >       Is there any way to force apache to use SSL any time it's
> >asking a browser for authentication?  We've a few areas of our web site
> >where users ask for passwords & it would be nice if I could get apache
> >to automatically switch to SSL for these areas without the
> >user having to
> >do it.
> >
> >Users would often forget the https://  if they had to type it
> >and use http://
> >anyway.
> >
> >Cheers,
> >       Dunk
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP
> >Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>This message is for the named person's use only. It may contain
>confidential, proprietary or legally privileged information. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please notify the sender urgently
>and then immediately delete the message and any copies of it from your
>system. Please also immediately destroy any hardcopies of the message.
>You must not, directly or indirectly, use, disclose, distribute, print,
>or copy any part of this message if you are not the intended recipient.
>The sender's company reserves the right to monitor all e-mail
>communications through their networks. Any views expressed in this
>message are those of the individual sender, except where the message
>states otherwise and the sender is authorised to state them to be the
>views of the sender's company.
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org