httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Hart <tomh...@coopfed.org>
Subject Re: [users@httpd] auth only when ssl
Date Thu, 11 Oct 2007 20:58:48 GMT
You're an idiot!

Sorry, just wanted to save you guys the trouble. I am an idiot (missing 
allow from all in the directory entry, and don't need :443 vhost), and I 
thank you for not pointing it out to me until I could figure it out for 
myself.

Tom Hart wrote:
> Hey guys. I finally got ldap authentication working, and I finally got 
> SSL working, now I have a slightly more complicated issue. What I 
> would like to happen is if a user tries to access the intranet through 
> a non-ssl connection (http://server) it should serve a page that 
> basically says "Please use ssl, you'll be redirected in 10 seconds" 
> (that page is made and works). However if they do that I want it to 
> not auth at all (right now everything has ldap auth setup) until it 
> goes to the ssl connection. Here's the relevant parts of httpd.conf 
> from my failed attempt. Any suggestions?
>
> Oh btw, http:// gives me a 403 forbidden, and https:// gives me a 
> pop-up saying "server has sent an incorrect or unexpected message. 
> Error code -12263". I have gotten this to work a bit, where the ssl 
> works again, but it still auths on non-ssl.
>
> DocumentRoot "C:/Program Files/Apache Software 
> Foundation/Apache2.2/htdocs"
> Alias /spooldir "C:/data/SPOOLDIR/"
> Alias /database "C:/data/Finops/Database/Data/Current"
> Alias /nonssl    "C:/Program Files/Apache Software 
> Foundation/Apache2.2/nonssl"
>
> NameVirtualHost *:80
> NameVirtualHost *:443
>
> <Directory />
>    Options FollowSymLinks
>    AllowOverride None
>    Order deny,allow
>    Deny from all
>    Satisfy all
> </Directory>
>
> <Directory "C:/Program Files/Apache Software 
> Foundation/Apache2.2/htdocs">
>    Options Indexes FollowSymLinks
>    AllowOverride None
>    Order deny,allow
>
>    AuthType Basic
>    AuthName "Intranet"
>    AuthBasicProvider ldap
>
>    AuthzLDAPAuthoritative off
>    AuthLDAPUrl 
> "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local?sAMAccountName"
>    AuthLDAPBindDN "cn=cu_apache_auth,cn=Users,dc=coopfed,dc=local"
>    AuthLDAPBindPassword "********"
>
>    Require valid-user
>
> </Directory>
>
> <Directory "C:/Program Files/Apache Software 
> Foundation/Apache2.2/nonssl">
>    Options Indexes FollowSymLinks
>    Order allow,deny
>
> </Directory>
>
> <Directory "C:/data/spooldir">
>    Order deny,allow
>
>    AuthType Basic
>    AuthName "Intranet"
>    AuthBasicProvider ldap
>
>    AuthzLDAPAuthoritative off
>    AuthLDAPUrl 
> "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local?sAMAccountName"
>    AuthLDAPBindDN "cn=cu_apache_auth,cn=Users,dc=coopfed,dc=local"
>    AuthLDAPBindPassword "********"
>
>    Require valid-user
>
> </Directory>
>
> <Directory "C:/data/Finops/Database/Data/Current">
>    Order deny,allow
>
>    AuthType Basic
>    AuthName "Database"
>    AuthBasicProvider ldap
>
>    AuthzLDAPAuthoritative off
>    AuthLDAPUrl 
> "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local?sAMAccountName"
>    AuthLDAPBindDN "cn=cu_apache_auth,cn=Users,dc=coopfed,dc=local"
>    AuthLDAPBindPassword "********"
>
>    Require ldap-user "tomhart"
>
> </Directory>
>
> <VirtualHost *:80>
> ServerName che
> DocumentRoot "C:/Program Files/Apache Software 
> Foundation/Apache2.2/nonssl"
> </VirtualHost>
>
> <VirtualHost *:443>
> ServerName che
> DocumentRoot "C:/Program Files/Apache Software 
> Foundation/Apache2.2/htdocs"
> </VirtualHost>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message