Fergus Donohue wrote:
> I'm using the config detailed at:
>
> http://www.modssl.org/docs/2.8/ssl_howto.html#auth-intranet
>
> to require SSL access for people connecting to an area of our website
> over the internet. The problem is that the username/password dialog box
> is brought up before we go into SSL mode and so users type in their
> passwords. Is it possible to redirect external users (internet) to the
> https url before bringing up the password dialog?
What makes you think that the dialog happens before you're secure?
It it is the "lock" or the "key", don't worry, you're still safe.
The browsers usually only update the secure sign once the page loaded.
If you're paranoid, run tcpdump or dsniff to confirm...
Cheers,
Balázs
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
