httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pol Hallen" <>
Subject [users@httpd] digest auth over ssl
Date Thu, 19 Jun 2014 19:52:07 GMT
Hi all :-)

I've configured apache2 to redirect a virtual host (munin) from http to
https, I've something like this:

cat /etc/apache2/site-enabled/default

# 20140619 - munin redirect http to https
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/munin/.*
RewriteRule ^(.*)$$1 [R,L]

munin has its default config

cat /etc/apache2/site-enabled/munin

Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
        Order allow,deny
        Allow from all ::1
        Options None
        AuthUserFile /etc/munin/munin-pass
        AuthName ""
        AuthType Digest
        require valid-user
    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresDefault M310

So, when I try to connect (using chrome) to, browser immediately ask me username and
password (I'm connected using http). After inserted mine credentials
(browser warn me about not trusted certificate, it's ok: I don't have a
trusted certficate). When I force it to connect using https I need
re-insert username and password and only now I can see the munin page.

Now, when I insert user and password (the first time), does that
credentials can intercepts? or I'm inside SSL tunnel?

If not, how can I configure either
(secure) redirect to or starting only

thanks for help!


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message