Re: [users@httpd] redirect occurs after authorization !!!

Tue, 27 Oct 2009 02:46:14 -0700 

On Tue, Oct 27, 2009 at 7:37 AM, J. Bakshi <joyd...@infoservices.in> wrote:
> Hello list,
>
> I have finally able to redirect the viewvc ( svn viewer ) to https. here
> is the configuration
>
> ``````````````````````````````
> ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi
>
> <Location /test>
> RewriteEngine   on
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>
> AuthType Basic
> AuthName "requires a password"
> AuthUserFile /home/svn/PASSWD
> Require valid-user
> </Location>
> ```````````````````````````````````````````
>
> This is working fine for both internet and intranet.  But  I have found
> it first check the authorization through http connection and after
> getting the right password it redirects  to https version.  Can I
> redirect  to http before authentication  ?

A couple of notes:

- Using <Location> to protect a resource on the local filesystem is a
absolutely bad idea. Your script might be accessible via another URL.
- Your rewrite rule does indeed do the correct redirection, but will
only do this after authentication. This because that is how you've
configured it. You've told your server to require authentication from
anyone accessing /test and this your server does. Authentication
happens very early in request processing, before rewriting.

A better way:

ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi

RewriteEngine   on

RewriteCond %{HTTPS} off
RewriteRule /test.* https://%{HTTP_HOST}%{REQUEST_URI} [R]

<Directory  /usr/lib/cgi-bin/ >
     <Files viewvc.cgi>
         SSLRequireSSL
         AuthType Basic
        AuthName "requires a password"
        AuthUserFile /home/svn/PASSWD
        Require valid-user
     </Files>
</Directory>

HTH,

Krist

-- 
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to