I have a similar issue.
What I do is have a particular rewrite "log/"
whenever someone uses log/ in their script it will sent them
to our authentication page. Its the only way I've figured
out how to do what you're saying. If they request any "secure"
pages and they're not "logged in" then they get the login page
otherwise it sends them on their marry way. Of course, the whole system
our clients are using is served up by a central set of code so
that is easy for us.
The drawback is if they use an .htaccess file with a log/ redirect
it will override ours. One has so far though. Maybe a really obscure
redirect would work. I have our redirects hardwired into our httpd.conf
file to prevent them from messing our rewrite up.
Without really knowing how you and your clients interact while serving
files its hard for me to come up with a solution for your particular
situation
though.
Thanks,
Boysenberry
boysenberrys.com | habitatlife.com | selfgnosis.com
On Jul 24, 2006, at 10:00 AM, Neulinger, Nathan wrote:
Unfortunately, I don't have control over the .htaccess files that are
being created by our users. If we did, would be easy enough to just
force them all to update their configs.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: [EMAIL PROTECTED]
University of Missouri - Rolla Phone: (573) 341-6679
UMR Information Technology Fax: (573) 341-4216
-----Original Message-----
From: Boysenberry Payne [mailto:[EMAIL PROTECTED]
Sent: Monday, July 24, 2006 9:59 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] How to redirect to SSL if
authentication is requested
I think you'll have to use your own authentication script or in other
words
you'll have to authenticate only after you see that authentication is
needed
rather than automatically based off of access settings.
A script that can tell whether or not someone is using https and
whether or
not they've authenticated would do the trick.
Thanks,
Boysenberry
boysenberrys.com | habitatlife.com | selfgnosis.com
On Jul 24, 2006, at 9:31 AM, Neulinger, Nathan wrote:
Is there any straightforward way to tell apache (2.0 build
from RHEL)
to
redirect if authentication is requested?
I want to prevent any use of Basic auth on the
cleartext/http side of
the vhost. I can do that easily by disabling AuthConfig overrides on
that vhost. However, this results in all pages breaking
that were using
that support.
What I'd like to be able to do is cause any use of AuthInfo
on the http
host to immediately generate a redirect response to the same server
name, port 443.
Is this possible?
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: [EMAIL PROTECTED]
University of Missouri - Rolla Phone: (573) 341-6679
UMR Information Technology Fax: (573) 341-4216
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
