httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anthony Kowalick <>
Subject [users@httpd] Noobie Htaccess/ SSL authentication
Date Thu, 09 Dec 2010 17:59:04 GMT
Excuse me for my ignorance on Apache up front and sorry if this email is

Here Is my situation (hopefully Im explaining it correctly).

We have an apache 2 server, using AuthLDAP for htaccess user/pass.

I am trying to set it up so that if a user goes to a page which requires
authentication that that htaccess login is forced to to HTTPS/SSL so it=B9s
not clear text.

For example.(folder names are not specific, examples only)

This page requires LDAP auth but since the user didn=B9t type HTTPS its

How can I force Apache to say OK, this isnt HTTPS, redirect to HTTPS and
then pop the login box and its not clear text?

I have tried all of these below

* RewriteCond %{SERVER_PORT} !^443$ RewriteRule .*
This pops the login box but only after it shows the content of the page
first. =B3hello world=B2

* SSLOptions +StrictRequire
           SSLRequire  %{HTTP_HOST} eq ""
This fails to load any page if the user doesn=B9t explicitly type HTTPS in

So what I=B9m looking to do is say:

User types in

Apache says OK, that folder requires AUTH, lets first go to HTTPS, require
LDAP login then show the page.

Hope this makes sense.


View raw message