httpd-users mailing list archives

From Anthony Kowalick <btv1==958707bf13f==tkowa...@skidmore.edu>
Subject [users@httpd] Noobie Htaccess/ SSL authentication
Date Thu, 09 Dec 2010 17:59:04 GMT
Excuse me for my ignorance on Apache up front and sorry if this email is
duplicated....

Here is my situation (hopefully I'm explaining it correctly).

We have an Apache 2 server, using AuthLDAP for htaccess user/pass.

I am trying to set it up so that if a user goes to a page which requires
authentication that that htaccess login is forced to HTTPS/SSL so it's
not clear text.

For example (folder names are not specific, examples only):

http://Www.mydomain.com/secure

This page requires LDAP auth but since the user didn't type HTTPS it's
clear text.

How can I force Apache to say OK, this isn't HTTPS, redirect to HTTPS and
then pop the login box and it's not clear text?

I have tried all of these below

* RewriteCond %{SERVER_PORT} !^443$
  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
This pops the login box but only after it shows the content of the page
first. "hello world"

* SSLOptions +StrictRequire
  SSLRequireSSL
  SSLRequire %{HTTP_HOST} eq "mydomain.com"
This fails to load any page if the user doesn't explicitly type HTTPS in
the browser.

So what I'm looking to do is say:

User types in http://www.mydomain.com/secure

Apache says OK, that folder requires AUTH, let's first go to HTTPS, require
LDAP login then show the page.

Hope this makes sense.

Regards,
Tony
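
One way to get the behaviour asked for above, as an added example that is not part of the original post: with the default `Satisfy All`, the `SSLRequireSSL` access check runs before the authentication check, so a plain-HTTP request is refused with 403 before any login box appears, and an `ErrorDocument 403` that points at a full URL turns that refusal into a redirect to HTTPS. It assumes `AllowOverride AuthConfig FileInfo` for the folder; the host name is the post's example and the LDAP URL is a placeholder.

```apache
# .htaccess in the protected folder (/secure in the post's example)

# 1. Refuse every non-SSL request. StrictRequire keeps the refusal in force
#    even if "Satisfy Any" is in effect for this folder.
SSLOptions +StrictRequire
SSLRequireSSL

# The post's  SSLRequire %{HTTP_HOST} eq "mydomain.com"  line is left out:
# "eq" is an exact string match, so a request for www.mydomain.com would be
# refused even over HTTPS.

# 2. Turn the 403 into a redirect. When the ErrorDocument target is a full
#    URL, Apache answers with a redirect to it instead of an error page.
#    Caveats: the target is fixed, so deep links under /secure land on its
#    top page, and any other 403 raised in this folder is redirected too.
ErrorDocument 403 https://www.mydomain.com/secure/

# 3. Basic auth against LDAP. Because step 1 rejects plain HTTP first, the
#    401 challenge (and the password) only ever travels over HTTPS.
AuthType Basic
AuthName "Secure area"
AuthBasicProvider ldap
# Placeholder LDAP URL, not taken from the post:
AuthLDAPURL "ldap://ldap.example.org/ou=people,dc=example,dc=org?uid"
Require valid-user
```

To check the result, request the `http://` URL with `curl -sI`: the response should be a redirect with a `Location: https://...` header and no `WWW-Authenticate` header.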
