On Tue, Sep 18, 2001 at 04:08:30PM -0400, Stephen Adkins wrote:
> Hi,
>
> I have been following this thread with interest because I have been
> struggling with the same problem. I define it this way.
>
> * To achieve secure authentication which is widely supported, you need
> to use Basic authentication over SSL
> * All URLs which can be accessed with HTTPS can be accessed with HTTP
> * I secure certain directories with .htaccess and all of the links
> in my site which point to them are via HTTPS, so as long as people
> always follow the links, they will never transfer the password
> in clear text (essentially) over the network using HTTP.
> * However, if they type the URL directly into the browser and they
> *forget* to use "https" but rather use "http", their password
> is exposed to network sniffers.
Do just like mod_proxy_add_forward.c but forward the port also.
/* fixup */
ap_table_set(r->headers_in, "X-Port", ap_psprintf(r->pool, "%u",
r->server->port ? r->server->port : ap_default_port(r)));
# PerlPost
my $forwarded_port = $r->header_in('X-Port');
if ($forwarded_port != 443)
{
# do something
} else {
# do this
}
Just a thought ....
Jimmy