Putting it into the auth phase would be appropriate, but I have to wonder
why this module is needed other than to refrain from keeping your
configuration file clean. Your unsecure virtual host should have no auth
statements in it if you want all auth to be on your secure virtual host...

You'll need to have your entire session where you want the user to
authenticate on the same virtual host, else the user will be prompted
multiple times or you will have a security gap if you're leaving it all up
to the service layer.

Regards,
Christian

> -----Original Message-----
> From: J. J. Horner [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 8:51 AM
> To: [EMAIL PROTECTED]
> Subject: ANNOUNCE: Starting work on Apache::RedirectUnless
>
>
> I have need of a module that will redirect to https anytime
> basic authentication is required.
>
> I figure the best way to do this is to step in at the authentication
> phase, and should authentication be required and the method be http,
> redirect to https for any and all basic authentication traffic.  Perhaps
> after this, redirect to http, if desired.
>
> Any comments or suggestions?
>
> Thanks,
> JJ
>
> --
> J. J. Horner
> "H*","6d6174686c696e40326a6e6574776f726b732e636f6d"
> ***************************************************
> "H*","6a6a686f726e65724062656c6c736f7574682e6e6574"
>
> Freedom is an all-or-nothing proposition:  either we
> are completely free, or we are subjects of a
> tyrannical system.  If we lose one freedom in a
> thousand, we become completely subjugated.
>
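
The layout described in the reply above, sketched as an Apache configuration. This is an added example, not part of the original thread or of Apache::RedirectUnless; the host name, the `/private` path, the realm and all file paths are placeholders chosen for illustration.

```apache
# Constructed example; host name, paths and realm are placeholders.

# Plain-HTTP virtual host: it carries no Auth* directives, so it never
# issues a Basic challenge and no credentials are requested in cleartext.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/public

    # Requests for the protected area are sent to the TLS host before
    # any authentication takes place.
    Redirect permanent /private https://www.example.com/private
</VirtualHost>

# TLS virtual host: the whole authenticated session stays here, so the
# browser is prompted once and only ever sends the password over SSL.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/public

    SSLEngine on
    SSLCertificateFile    /etc/apache/ssl/server.crt
    SSLCertificateKeyFile /etc/apache/ssl/server.key

    <Location /private>
        AuthType Basic
        AuthName "Private area"
        AuthUserFile /etc/apache/htpasswd
        Require valid-user
    </Location>
</VirtualHost>
```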
