Re: Protect server-status with https required?

On 6/18/2013 9:51 PM, Kevin A. McGrail wrote:
Hello All,

We are protecting server-status and info with basic auth using a config
block similar to the following:

<Location /server-info>
     SetHandler server-info
     #Order deny,allow
     #Deny from all
     #Allow from .example.com
     AuthType basic
     AuthName "Apache Info"
     AuthUserFile /usr/local/apache2/conf/server-status_htpasswd
     Require valid-user
</Location>

Is there a way to require https to access this Location?

Using a rewrite so far is a problem because to get to the rewrite, you
have to enter the basic auth and that fails the PCI scan because it's
considered cleartext access.  But perhaps that's just because I've been
trying a .htaccess and we can do it some other way?

Apologies if this is simple.  I've been getting bleary eyed looking at
it and might be missing the forest for the trees.

This should be relevant:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrequiressl

Jim
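
Added example, not part of the original messages: the Location block from the question with the SSLRequireSSL directive from the linked mod_ssl page applied, in Apache 2.2 syntax. Paths and the realm name are copied from the post; the SSLOptions line and the placement in the main server config rather than .htaccess are assumptions about the setup.

```apache
# Added example (Apache 2.2 syntax), not the poster's actual configuration.
# <Location> is only valid in the server config or a <VirtualHost>,
# not in .htaccess, so this belongs in httpd.conf or an included file.

<Location /server-info>
    SetHandler server-info

    # Deny every request for this Location that did not arrive over SSL/TLS.
    # mod_ssl answers such requests with 403 Forbidden.
    SSLRequireSSL

    # Without StrictRequire, a "Satisfy any" in scope can let a request
    # that passes another access check override the SSLRequireSSL denial.
    SSLOptions +StrictRequire

    # Basic auth as in the original block; with the directives above the
    # credentials are only accepted over HTTPS.
    AuthType basic
    AuthName "Apache Info"
    AuthUserFile /usr/local/apache2/conf/server-status_htpasswd
    Require valid-user
</Location>
```

To confirm the result before re-running the scan, request /server-info over plain HTTP and check that the response is 403 and carries no WWW-Authenticate header, then repeat over HTTPS and check that the 401 challenge appears there.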
