httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Folini <christian.fol...@post.ch>
Subject Re: [users@httpd] Conditionally redirect to HTTPS URL if authorization required?
Date Fri, 28 Sep 2007 13:01:10 GMT
Hey James,

Your if-then is technically relatively easy to do with
mod-rewrite. 

However, in real life you are likely to face unexpected
problems when accessing "a diverse and historical range 
of applications" via two different channels, one being
http and one being https. Fully qualified URLs in your
application (a href="http://intranet.example.com/foo")
will eventually bite you. You can redirect these
GET requests too, but you can not easily redirect 
POST requests.

It is possible that most of these problems can be
solved. One by one. Sometimes you can get along by
reconfiguring the application, sometimes you can
do a rewrite trick, sometimes you have to be really
agressive and rewrite the http response body. It
is a lot of work and it very complicated. I mean
you will learn a real lot about mod-rewrite and
http in general, but do you really want to learn 
that much?

Under the line: I would not attempt this. Stick
with a single access channel and make this channel
https for everyone. This might be annoying to start
out with, but it keeps the complexity to a much
lower level.

regs,

Christian


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message