httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] %{HTTP:Authorization}
Date Wed, 12 Nov 2003 13:08:31 GMT
Michele Marcionelli wrote:
> What shall I do? I tryed the following rewiterule:
>
>   RewriteCond %{HTTP:Authorization} ^.+
>   RewriteRule ^(.*) https://%{HTTP_HOST}$1 [R,L]
>
> This does't work correctly. What happend is the following:
>
> 1. I'm asked to enter (on http) username and password
> 2. the RewriteCond matched the condition and switch to https
> 3. I'm asked again to enter username and password again (!!)

Of course it does. You need to redirect before asking for authentication. If
you protect the directory/location in the non-SSL host, you will get asked
for credentials before getting redirected.

I will assume that you have two virtual hosts: one non-SSL, and one SSL,
both sharing the same document root, and a particular directory tree
requires authentication. Something like this could work:

    <VirtualHost *:80>
        ServerName xxx
        DocumentRoot /path/to/docroot
        # Could possibly be a Location block instead
        <Directory /path/to/docroot/secret>
            # Could also be Redirect or RedirectMatch
            RewriteRule (.*) https://%{SERVER_NAME} [R,L]
        </Directory>
        ...
    </VirtualHost>

    <VirtualHost 1.2.3.4:443>
        ServerName xxx
        DocumentRoot /path/to/docroot
        <Directory /path/to/docroot/secret>
            # Authentication stuff
            AuthType basic
            ...
            Require valid-user
        </Directory>
        ...
    </VirtualHost>

Be sure to not have a .htaccess file in the directory.

If this doesn't work for you, you need to give much more details about your
setup.

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message