Re: mod_rewrite redirect to login page

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


>>> On 2014/03/04 at 10:44 AM, in message <5315F4DB.8020500@xxxxxxxxxxx>, Rich
Bowen <rbowen@xxxxxxxxxxx> wrote:

> On 03/03/2014 05:40 PM, Keith Lawson wrote:
>> Hello,
>>    # Redirect to pass through authentication if internal
>>    #
>>    RewriteCond %{REMOTE_ADDR} ^10\..*$
>>    RewriteCond %{LA-U:REMOTE_USER} !(.+)
>>    RewriteRule ^/kltest/env$ https://sso.lhsc.on.ca/signauto/in [NS]
>>    # Redirect to manual authentication if external
>>    #
>>    RewriteCond %{LA-U:REMOTE_USER} !(.+)
>>    RewriteCond %{REMOTE_ADDR}      !^10\..*$
>>    RewriteRule ^/kltest/env$ https://sso.lhsc.on.ca/sign/in [NS]
>> "Site::SSO" is our in house Apache2::AuthCookie auth handler, the 
>> ticket for this is set once you authenticate to one of the pages on 
>> "sso.lhsc.on.ca" and "REMOTE_USER" is set if I remove the rewrite 
>> rules but mod_rewrite never sees anything in "REMOTE_USER". What am I 
>> missing?
>>
> 
> I suspect that you might be able to do the same thing with
> 
> ErrorDocument 403  https://sso.lhsc.on.ca/signauto/in 
> 
> and avoid the convolutions of mod_rewrite here. Assuming your in-house 
> mod_perl auth handler returns a 403 on auth failure.

Actually that's how Apache2::Authcookie works. So with a single login page it redirects to a form that you configure. My challenge here is that I need to redirect to different authentication pages depending on the IP the request comes from. 

I ended up solving the problem by implementing it in the authz handler but unless I'm reading the documentation incorrectly it should be possible with mod_rewrite too.

> 
> --Rich
> 
> 
> -- 
> Rich Bowen - rbowen@xxxxxxxxxxx - @rbowen
> http://apachecon.com/ - @apachecon

 --------------------------------------------------------------------------------
This information is directed in confidence solely to the person named above and may contain confidential and/or privileged material. This information may not otherwise be distributed, copied or disclosed. If you have received this e-mail in error, please notify the sender immediately via a return e-mail and destroy original message. Thank you for your cooperation.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux