We are using Apache 2.4.1 on Windows to implement CAC authentication to the production web site. Apache functions as the CAC authentication and a proxy for the Web server.
We need to have https://prodsite.com use CAC authentication but we want to expose https:/prodsite.com/application/services and not have the /services site go through the CAC authentication process. Currently the only redirect i have is a simple redirect to enforce all traffic to https://servername/application RedirectMatch ^/$ /application I need all traffic to https://servername/application to use CAC for authentication. I need to allow https://servername/application/service to use https only but not enforce CAC authentication and I haven't been able to figure out how to do that. Others answers I researched for this stated that the recdirect happens only at HTTP and that obviously wont work. Any ideas on how keep a sub site behind SSL but not enforce CAC are appreciated. Thanks! -- *Paul Russell*