I'm not sure but add:
SSLOptions +StrictRequire
SSLRequireSSL
seems resolve the problem
Is it correct?
thanks!
> Hi all :-)
>
> working on my last post I configured a https rewrite and auth basic:
>
> default
> [...]
> <IfModule mod_rewrite.c>
> <IfModule mod_ssl.c>
> <Location /test>
> RewriteEngine on
> RewriteCond %{HTTPS} !^on$ [NC]
> RewriteRule . https://example.org/test [L]
> </Location>
> </IfModule>
> </IfModule>
> [...]
>
> default-ssl
>
> [...]
> <Directory "/var/www/test">
> Options +SymLinksIfOwnerMatch +Multiviews +Indexes
> AuthType Basic
> AuthName "Authentication Required"
> AuthUserFile "/etc/htpasswd/test"
> Require valid-user
> Order allow,deny
> Allow from all
> </Directory>
> [...]
>
> Now: when I do http://example.org/test, I see access form to
> authentication before the rewrite to https (or no?) - because after login
> I'm in https page.
>
> Is my authentication encrypted, I think no... any idea?
>
> Thanks for help!
>
> Pol
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
