|
My website is a https website using mod_ssl
:
Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_ssl/2.8.5
OpenSSL/0.9.6 DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01
This is what i have in my access.conf
:
<Directory
/path/to/directory/secure>
AuthName https://name.of.my.website/secure AuthType Basic AuthUserFile /path/to/password/file Require
valid-user
</Directory>
Here is the problem. When i click a link to a
page in the directory, i come up with my login screen popup. If i type the
right username/password pair, it will display the page, if i dont, it comes up
with a 403 error-forbidden. This is all fine. However, i was
extremely surprised to realise that if i fail the connection to receive the 403
error, i can click the back button in the browser, then the forward button, and
get the page...even tho i still havent even authenticated yet!!! I am
assuming that I am doing something stupid, but i cant seem to guess what that
might be.
Thanks in advance for any help!
|
