JJH == J J Horner [EMAIL PROTECTED] writes:
JJH I have need of a module that will redirect to https anytime
JJH basic authentication is required.
JJH I figure the best way to do this is to step in at the authentication
JJH phase, and should authentication be required and the method be http,
Stephen Adkins wrote:
Is there an easier way to safeguard against Apache prompting for
a password over HTTP?
You could keep the secure areas outside the HTTP document root ?? Just a
different DocumentRoot for HTTPS in your VirtualHost or separate
httpd.conf.
Mithun
* Mithun Bhattacharya ([EMAIL PROTECTED]) [010919 03:40]:
Stephen Adkins wrote:
Is there an easier way to safeguard against Apache prompting for
a password over HTTP?
You could keep the secure areas outside the HTTP document root ?? Just a
different DocumentRoot for HTTPS in your
Putting it into the auth phase would be appropriate, but I have to wonder
why this module is needed other than to refrain from keeping your
configuration file clean. Your unsecure virtual host should have no auth
statements in it if you want all auth to be on your secure virtual host...
You'll
The problem with that solution is that we have 2 virtual hosts, one http, one https,
on one
machine. https is the only available transport outside of our network, while the http
server is available internally.
This is a production webserver, with existing information, applications, etc. We
-Original Message-
From: 'J. J. Horner' [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 12:01 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: ANNOUNCE: Starting work on Apache::RedirectUnless
The problem with that solution is that we have 2 virtual
hosts
. There are security
implications to consider here...
Regards,
Christian
-Original Message-
From: 'J. J. Horner' [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 12:01 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: ANNOUNCE: Starting work on Apache::RedirectUnless
--
Christian Gilmore
Team Lead
Web Infrastructure Tools
IBM Software Group
-Original Message-
From: Stephen Adkins [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 3:09 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: ANNOUNCE: Starting work on Apache::RedirectUnless
Hi
On Tue, Sep 18, 2001 at 04:08:30PM -0400, Stephen Adkins wrote:
Hi,
I have been following this thread with interest because I have been
struggling with the same problem. I define it this way.
* To achieve secure authentication which is widely supported, you need
to use Basic