Re: Apache 2.4 : Rewrite to keep the original URL

[Marat Khalili <mkh@xxxxxx>]

Best way is to avoid redirects completely: show requested application page if user is authenticated, otherwise show login page. This is what happens if you use apache authentication modules, like mode_auth_basic (warning: SSL is mandatory for it). Some applications use redirects, but pass original url in query string and hidden form fields.

From your scenario it is not clear how application will know that user actually passed login page and not typed application URL directly. Also, you'll need to securely pass user identity from login page to application. Generally, writing your own authentication is not recommended, because it's almost impossible to avoid major security blunders when you do it the first time.
-- 

With Best Regards,
Marat Khalili

On March 11, 2017 4:07:54 PM GMT+03:00, "Fabio S. Schmidt" <fabio@xxxxxxxxxxxxxx> wrote:

Hi,

I'm trying to setup an environment with a frontend interface which login and redirects to my application. 

The scenario is: The user access with webmail.domain.com and the login page redirects to the application, running on the same host, but on port 81.

How could I keep the original URL? I mean, the browser should keep the "webmail.domain.com" as the address.

My Apache configuration: 

<VirtualHost *:443>

DocumentRoot "/var/www/html/login_domain"

DirectoryIndex index.html *.php

ServerName webmail.domain.com

SSLEngine on

SSLCertificateFile /etc/ssl/crt/apache.crt

SSLCertificateKeyFile /etc/ssl/crt/apache.key

        SSLCertificateChainFile /etc/ssl/crt/ca.crt

</VirtualHost>

<VirtualHost *:80>

DocumentRoot "/var/www/html/login_domain"

DirectoryIndex index.html *.php

ServerName  webmail.domain.com

</VirtualHost>

Kind regards.

Fabio S. Schmidt