On 6/18/2013 9:51 PM, Kevin A. McGrail wrote:
Hello All,We are protecting server-status and info with basic auth using a config block similar to the following: <Location /server-info> SetHandler server-info #Order deny,allow #Deny from all #Allow from .example.com AuthType basic AuthName "Apache Info" AuthUserFile /usr/local/apache2/conf/server-status_htpasswd Require valid-user </Location> Is there a a way to require https to access this Location? Using a rewrite so far is a problem because to get to the rewrite, you have to enter the basic auth and that fails the PCI scan because it's consider cleartext access. But perhaps that just because I've been trying a .htaccess and we can do it some other way? Apologies if this is simple. I've been getting bleary eyed looking at it and might be missing the forest for the trees.
This should be relevant: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrequiressl Jim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
