Is there any straightforward way to tell apache (2.0 build from RHEL) to
redirect if authentication is requested?
I want to prevent any use of Basic auth on the cleartext/http side of
the vhost. I can do that easily by disabling AuthConfig overrides on
that vhost. However, this results in all
-Original Message-
From: Neulinger, Nathan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 24, 2006 4:32 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] How to redirect to SSL if
authentication is requested
Is there any straightforward way to tell apache (2.0 build
from
I think you'll have to use your own authentication script or in other
words
you'll have to authenticate only after you see that authentication is
needed
rather than automatically based off of access settings.
A script that can tell whether or not someone is using https and
whether or
not
I was thinking somehow a hook into the mod_auth code...
Something like a cross between Redirect and disabling the AuthConfig
overrride. I'm 99% sure I could do it with code changes, but whether it
could be done cleanly and/or with an add-on module is the key. i.e.
Something to cause it to send
Unfortunately, I don't have control over the .htaccess files that are
being created by our users. If we did, would be easy enough to just
force them all to update their configs.
-- Nathan
Nathan Neulinger EMail:
I have a similar issue.
What I do is have a particular rewrite log/
whenever someone uses log/ in their script it will sent them
to our authentication page. Its the only way I've figured
out how to do what you're saying. If they request any secure
pages and they're not logged in then they get
Well, I came up with a simple module to do this... I'd be open to
feedback if anyone wants to take a look. (It's tiny/simple.)
AuthRedirSSL on in a location/dir/htaccess block will cause requests
to be redirected to the SSL side of the vhost if any AuthType is
defined.
-- Nathan