Hello All, I have a strange problem here and was wondering if anyone had a solution. I'm looking to perform a rewrite to https then require the user submit a username and password. The idea behind this is that the username and password are submitted encrypted rather than in plain text.
First off version information Apache Server version: Apache/1.3.26 (Unix) Mod_SSL 2.8.9 (debian 2.8.9-2.1) I looked at Ralf's presentation from apachecon2000 (ref http://www.modssl.org/docs/apachecon2000/slide-021-n.html ) which does have a recipie for what I am looking to accomplish. The only problem I have is it doesn't seem to work for me. The password authentication happens before the url redirection which isn't desireable in this case. My configuration <Directory "/<server-root>/subdir"> Options Indexes FollowSymLinks AllowOverride All RewriteEngine on RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$ RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://%{SERVER_NAME}/subdir/$1 [R,L] SSLOptions +StrictRequire SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 Satisfy any Order deny,allow deny from all allow from 192.168.1.0/255.255.255.0 AuthName "Restricted Access" AuthType Basic AuthUserFile /etc/apache/htpasswd Require valid-user </Directory> Any ideas or suggestions on how I would overcome this obstacle, or reverse the order of directive processing so the rewrite happens first? Thanks Chris ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
