hi again, with reference to debian bug report #103609 [1], a debian user states that HTTPS environment variable is still not set during the parsinig of .htacces.
i'm quoting the relevant part from that report. ------------- CUT HERE --------------- This ought to work in .htaccess: order deny,allow deny from all allow from 127.0.0.1 allow from env=HTTPS ... I can see the HTTPS environment variable in the output if I call a cgi script that dumps the environment, so it's there, it's just that somehow at the time that .htaccess is parsed it isn't available to 'allow from env=' statements yet. ------------- CUT HERE --------------- i reproduced it with apache 1.3.27 and mod_ssl 2.8.12. so, if it is a bug, is still present in most recent versions. any comment? cheers cavok [1] http://bugs.debian.org/103609 -----[ Domenico Andreoli, aka cavok --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50
pgp00000.pgp
Description: PGP signature