Re: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-19 Thread Vivek Khera
JJH == J J Horner [EMAIL PROTECTED] writes: JJH I have need of a module that will redirect to https anytime JJH basic authentication is required. JJH I figure the best way to do this is to step in at the authentication JJH phase, and should authentication be required and the method be http,

Re: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-19 Thread Mithun Bhattacharya
Stephen Adkins wrote: Is there an easier way to safeguard against Apache prompting for a password over HTTP? You could keep the secure areas outside the HTTP document root ?? Just a different DocumentRoot for HTTPS in your VirtualHost or separate httpd.conf. Mithun

Re: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-19 Thread J. J. Horner
* Mithun Bhattacharya ([EMAIL PROTECTED]) [010919 03:40]: Stephen Adkins wrote: Is there an easier way to safeguard against Apache prompting for a password over HTTP? You could keep the secure areas outside the HTTP document root ?? Just a different DocumentRoot for HTTPS in your

RE: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-18 Thread Christian Gilmore
Putting it into the auth phase would be appropriate, but I have to wonder why this module is needed other than to refrain from keeping your configuration file clean. Your unsecure virtual host should have no auth statements in it if you want all auth to be on your secure virtual host... You'll

Re: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-18 Thread 'J. J. Horner'
The problem with that solution is that we have 2 virtual hosts, one http, one https, on one machine. https is the only available transport outside of our network, while the http server is available internally. This is a production webserver, with existing information, applications, etc. We

RE: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-18 Thread Christian Gilmore
-Original Message- From: 'J. J. Horner' [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 12:01 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: ANNOUNCE: Starting work on Apache::RedirectUnless The problem with that solution is that we have 2 virtual hosts

RE: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-18 Thread Stephen Adkins
. There are security implications to consider here... Regards, Christian -Original Message- From: 'J. J. Horner' [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 12:01 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: ANNOUNCE: Starting work on Apache::RedirectUnless

RE: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-18 Thread Christian Gilmore
-- Christian Gilmore Team Lead Web Infrastructure Tools IBM Software Group -Original Message- From: Stephen Adkins [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 3:09 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: ANNOUNCE: Starting work on Apache::RedirectUnless Hi

Re: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-18 Thread Jimmy
On Tue, Sep 18, 2001 at 04:08:30PM -0400, Stephen Adkins wrote: Hi, I have been following this thread with interest because I have been struggling with the same problem. I define it this way. * To achieve secure authentication which is widely supported, you need to use Basic