httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Boysenberry Payne <boysenbe...@humaniteque.com>
Subject Re: [users@httpd] How to redirect to SSL if authentication is requested
Date Mon, 24 Jul 2006 15:16:11 GMT
I have a similar issue.

What I do is have a particular rewrite "log/"
whenever someone uses log/ in their script it will sent them
to our authentication page.  Its the only way I've figured
out how to do what you're saying.  If they request any "secure"
pages and they're not "logged in" then they get the login page
otherwise it sends them on their marry way.  Of course, the whole system
our clients are using is served up by a central set of code so
that is easy for us.

The drawback is if they use an .htaccess file with a log/ redirect
it will override ours.  One has so far though.  Maybe a really obscure
redirect would work.  I have our redirects hardwired into our httpd.conf
file to prevent them from messing our rewrite up.

Without really knowing how you and your clients interact while serving
files its hard for me to come up with a solution for your particular 
situation
though.


Thanks,
Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com

On Jul 24, 2006, at 10:00 AM, Neulinger, Nathan wrote:

> Unfortunately, I don't have control over the .htaccess files that are
> being created by our users. If we did, would be easy enough to just
> force them all to update their configs.
>
> -- Nathan
>
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nneul@umr.edu
> University of Missouri - Rolla         Phone: (573) 341-6679
> UMR Information Technology             Fax: (573) 341-4216
>
>
>> -----Original Message-----
>> From: Boysenberry Payne [mailto:boysenberry@humaniteque.com]
>> Sent: Monday, July 24, 2006 9:59 AM
>> To: users@httpd.apache.org
>> Subject: Re: [users@httpd] How to redirect to SSL if
>> authentication is requested
>>
>> I think you'll have to use your own authentication script or in other
>> words
>> you'll have to authenticate only after you see that authentication is
>> needed
>> rather than automatically based off of access settings.
>>
>> A script that can tell whether or not someone is using https and
>> whether or
>> not they've authenticated would do the trick.
>>
>> Thanks,
>> Boysenberry
>>
>> boysenberrys.com | habitatlife.com | selfgnosis.com
>>
>> On Jul 24, 2006, at 9:31 AM, Neulinger, Nathan wrote:
>>
>>> Is there any straightforward way to tell apache (2.0 build
>> from RHEL)
>>> to
>>> redirect if authentication is requested?
>>>
>>> I want to prevent any use of Basic auth on the
>> cleartext/http side of
>>> the vhost. I can do that easily by disabling AuthConfig overrides on
>>> that vhost. However, this results in all pages breaking
>> that were using
>>> that support.
>>>
>>> What I'd like to be able to do is cause any use of AuthInfo
>> on the http
>>> host to immediately generate a redirect response to the same server
>>> name, port 443.
>>>
>>> Is this possible?
>>>
>>> -- Nathan
>>>
>>> ------------------------------------------------------------
>>> Nathan Neulinger                       EMail:  nneul@umr.edu
>>> University of Missouri - Rolla         Phone: (573) 341-6679
>>> UMR Information Technology             Fax: (573) 341-4216
>>>
>>>
>>>
>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP
>> Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message