httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Bakshi" <joyd...@infoservices.in>
Subject Re: [users@httpd] redirect occurs after authorization !!!
Date Tue, 27 Oct 2009 10:33:44 GMT
Krist van Besien wrote:
> On Tue, Oct 27, 2009 at 7:37 AM, J. Bakshi <joydeep@infoservices.in> wrote:
>   
>> Hello list,
>>
>> I have finally able to redirect the viewvc ( svn viewer ) to https. here
>> is the configuration
>>
>> ``````````````````````````````
>> ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi
>>
>> <Location /test>
>> RewriteEngine   on
>> RewriteCond %{HTTPS} off
>> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>>
>> AuthType Basic
>> AuthName "requires a password"
>> AuthUserFile /home/svn/PASSWD
>> Require valid-user
>> </Location>
>> ```````````````````````````````````````````
>>
>> This is working fine for both internet and intranet.  But  I have found
>> it first check the authorization through http connection and after
>> getting the right password it redirects  to https version.  Can I
>> redirect  to http before authentication  ?
>>     
>
> A couple of notes:
>
> - Using <Location> to protect a resource on the local filesystem is a
> absolutely bad idea. Your script might be accessible via another URL.
> - Your rewrite rule does indeed do the correct redirection, but will
> only do this after authentication. This because that is how you've
> configured it. You've told your server to require authentication from
> anyone accessing /test and this your server does. Authentication
> happens very early in request processing, before rewriting.
>
> A better way:
>
> ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi
>
> RewriteEngine   on
>
> RewriteCond %{HTTPS} off
> RewriteRule /test.* https://%{HTTP_HOST}%{REQUEST_URI} [R]
>
> <Directory  /usr/lib/cgi-bin/ >
>      <Files viewvc.cgi>
>          SSLRequireSSL
>          AuthType Basic
>         AuthName "requires a password"
>         AuthUserFile /home/svn/PASSWD
>         Require valid-user
>      </Files>
> </Directory>
>
> HTH,
>
> Krist
>
>   

Hello Krist,

I must give you a words of thanks for showing me the right track.  Also
grateful to you for your clarification.  I have replaced my code with
yours. But the redirect is not working with this code. apache log reports

```````````````````````
 access to /usr/lib/cgi-bin/viewvc.cgi failed, reason: SSL connection
required
```````````````````````````````````````

This is ok as redirection is not working here. Do you have any idea ? My
previous config with <Location> could did the redirection though.

Thanks

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message