Re: [users@httpd] mod_rewrite redirect to login page

Tue, 04 Mar 2014 12:14:13 -0800 


>>> On 2014/03/04 at 10:44 AM, in message <5315f4db.8020...@rcbowen.com>, Rich
Bowen <rbo...@rcbowen.com> wrote:

> On 03/03/2014 05:40 PM, Keith Lawson wrote:
>> Hello,
>>    # Redirect to pass through authentication if internal
>>    #
>>    RewriteCond %{REMOTE_ADDR} ^10\..*$
>>    RewriteCond %{LA-U:REMOTE_USER} !(.+)
>>    RewriteRule ^/kltest/env$ https://sso.lhsc.on.ca/signauto/in [NS]
>>    # Redirect to manual authentication if external
>>    #
>>    RewriteCond %{LA-U:REMOTE_USER} !(.+)
>>    RewriteCond %{REMOTE_ADDR}      !^10\..*$
>>    RewriteRule ^/kltest/env$ https://sso.lhsc.on.ca/sign/in [NS]
>> "Site::SSO" is our in house Apache2::AuthCookie auth handler, the 
>> ticket for this is set once you authenticate to one of the pages on 
>> "sso.lhsc.on.ca" and "REMOTE_USER" is set if I remove the rewrite 
>> rules but mod_rewrite never sees anything in "REMOTE_USER". What am I 
>> missing?
>>
> 
> I suspect that you might be able to do the same thing with
> 
> ErrorDocument 403  https://sso.lhsc.on.ca/signauto/in 
> 
> and avoid the convolutions of mod_rewrite here. Assuming your in-house 
> mod_perl auth handler returns a 403 on auth failure.

Actually that's how Apache2::Authcookie works. So with a single login page it 
redirects to a form that you configure. My challenge here is that I need to 
redirect to different authentication pages depending on the IP the request 
comes from. 

I ended up solving the problem by implementing it in the authz handler but 
unless I'm reading the documentation incorrectly it should be possible with 
mod_rewrite too.

> 
> --Rich
> 
> 
> -- 
> Rich Bowen - rbo...@rcbowen.com - @rbowen
> http://apachecon.com/ - @apachecon

 
--------------------------------------------------------------------------------
This information is directed in confidence solely to the person named above and 
may contain confidential and/or privileged material. This information may not 
otherwise be distributed, copied or disclosed. If you have received this e-mail 
in error, please notify the sender immediately via a return e-mail and destroy 
original message. Thank you for your cooperation.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to