httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin A. McGrail" <KMcGr...@PCCC.com>
Subject [users@httpd] Protect server-status with https required?
Date Wed, 19 Jun 2013 01:51:59 GMT
Hello All,

We are protecting server-status and info with basic auth using a config 
block similar to the following:

<Location /server-info>
     SetHandler server-info
     #Order deny,allow
     #Deny from all
     #Allow from .example.com
     AuthType basic
     AuthName "Apache Info"
     AuthUserFile /usr/local/apache2/conf/server-status_htpasswd
     Require valid-user
</Location>

Is there a a way to require https to access this Location?

Using a rewrite so far is a problem because to get to the rewrite, you 
have to enter the basic auth and that fails the PCI scan because it's 
consider cleartext access.  But perhaps that just because I've been 
trying a .htaccess and we can do it some other way?

Apologies if this is simple.  I've been getting bleary eyed looking at 
it and might be missing the forest for the trees.

Regards,
KAM

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message