httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] authtype and rewriterule process order question
Date Tue, 25 Aug 2009 18:07:22 GMT
Jeff Sherk Forerunner Ministries wrote:
> I have authtype basic setup on a folder (https://mydomain.com/myfolder) 
> and would like to redirect the addresses below to it first and then have 
> it ask for username and password:
> http://mydomain.com/myfolder
> http://www.mydomain.com/myfolder
> https://www.mydomain.com/myfolder
> (the above 3 should all be redirected to https://mydomain.com/myfolder)
> 
> Without the rewriterule, all 4 urls are accessible as is (and ask for 
> username & password).
> 
> Here is my htaccess file so far, but what it appears to do is always ask 
> for the username and password first and then redirect second. I want it 
> to redirect first and then ask for username and password, so that you 
> cannot enter your username & password with regular http but have to use 
> https.

ThatÅ› entirely the wrong approach.  Since you want password protection
in your secure vhost, define it there.  Not in some .htaccess, and
especially not one which is shared with another vhost where it's
not wanted.  It becomes a lot easier if it (or at least the protected
area) also doesn't share a directory with the other vhost.

As for the question in your subject line, rewriterules in a Directory
context (which includes htaccess) run after authnz.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message