httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marat Khalili <...@rqc.ru>
Subject Re: [users@httpd] Apache 2.4 : Rewrite to keep the original URL
Date Sat, 11 Mar 2017 18:24:56 GMT
Best way is to avoid redirects completely: show requested application page if user is authenticated,
otherwise show login page. This is what happens if you use apache authentication modules,
like mode_auth_basic (warning: SSL is mandatory for it). Some applications use redirects,
but pass original url in query string and hidden form fields.

From your scenario it is not clear how application will know that user actually passed login
page and not typed application URL directly. Also, you'll need to securely pass user identity
from login page to application. Generally, writing your own authentication is not recommended,
because it's almost impossible to avoid major security blunders when you do it the first time.
-- 

With Best Regards,
Marat Khalili

On March 11, 2017 4:07:54 PM GMT+03:00, "Fabio S. Schmidt" <fabio@improve.inf.br> wrote:
>Hi,
>
>I'm trying to setup an environment with a frontend interface which
>login
>and redirects to my application.
>
>The scenario is: The user access with webmail.domain.com and the login
>page
>redirects to the application, running on the same host, but on port 81.
>
>How could I keep the original URL? I mean, the browser should keep the
>"
>webmail.domain.com" as the address.
>
>My Apache configuration:
>
><VirtualHost *:443>
>DocumentRoot "/var/www/html/login_domain"
>DirectoryIndex index.html *.php
>ServerName webmail.domain.com
>SSLEngine on
>SSLCertificateFile /etc/ssl/crt/apache.crt
>SSLCertificateKeyFile /etc/ssl/crt/apache.key
>        SSLCertificateChainFile /etc/ssl/crt/ca.crt
></VirtualHost>
>
><VirtualHost *:80>
>DocumentRoot "/var/www/html/login_domain"
>DirectoryIndex index.html *.php
>ServerName  webmail.domain.com
></VirtualHost>
>
>Kind regards.
>Fabio S. Schmidt

Mime
View raw message