----- "Anthony Kowalick" <btv1==958707bf13f==tkowa...@skidmore.edu> wrote:
> Excuse me for my ignorance on Apache up front and sorry if this email > is duplicated.... > > Here Is my situation (hopefully Im explaining it correctly). > > We have an apache 2 server, using AuthLDAP for htaccess user/pass. Lets hear what #httpd Channel bot fajita has to say about that: <fajita> Don't confuse htaccess with password-protection. The purpose of htaccess is to enable users to configure apache locally for their own directories, when they have no privilege to do so in httpd.conf. Using htaccess slows the server. Also rewriterules and redirects are more complex in htaccess > I am trying to set it up so that if a user goes to a page which > requires > authentication that that htaccess login is forced to to HTTPS/SSL so > it=B9s > not clear text. > > For example.(folder names are not specific, examples only) > > http://Www.mydomain.com/secure > > This page requires LDAP auth but since the user didn=B9t type HTTPS > its clear > text. > > How can I force Apache to say OK, this isnt HTTPS, redirect to HTTPS > and > then pop the login box and its not clear text? > > I have tried all of these below > > * RewriteCond %{SERVER_PORT} !^443$ RewriteRule .* > https://%{SERVER_NAME}%{REQUEST_URI} [R,L] > This pops the login box but only after it shows the content of the > page > first. =B3hello world=B2 > > * SSLOptions +StrictRequire > SSLRequireSSL > SSLRequire %{HTTP_HOST} eq "mydomain.com" > This fails to load any page if the user doesn=B9t explicitly type > HTTPS in > browser. > > So what I=B9m looking to do is say: > > User types in http://www.mydomain.com/secure > > Apache says OK, that folder requires AUTH, lets first go to HTTPS, > require > LDAP login then show the page. Maybe I can break this down to something resonable: <VirtualHost *:80> ServerName www.mydomain.com DocumentRoot /srv/web/www.mydomain.com/htdocs Redirect permanent /secure https://www.mydomain.com/secure </VirtualHost> <VirtualHost *:443> ServerName www.mydomain.com DocumentRoot /srv/web/www.mydomain.com/htdocs SSLEngine On OtherSSLOptions <Location /secure> AuthStuffHere </Location> </VirtualHost> > Hope this makes sense. So do I. > Regards, > Tony i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
