Dear all,
I’m trying to figure out how I can give access to documents by combining SSL and basic user authentication. The following is from my httpd config:
<Directory "${WEBAPPS_ROOT}/test/user">
AllowOverride None
Options None
AuthType Basic
AuthName "Test User"
AuthBasicProvider dbd
AuthDBDUserPWQuery "select human.get_user_password(%s);"
AuthzDBDQuery "select human.get_user_groups(%s);"
Require ssl
Require dbd-group user
</Directory>
The “Require ssl” denies access to the document for normal http:// connections which is what I want. But it allows accessing the documents without doing any authentication if I do use a https:// connection. My goal is to have an SSL connection but still it’s required to authenticate.
If I remove the “Require ssl” then the authentication works as expected but then a normal http:// connection is possible also. I want to avoid, for the obvious reason, that with basic authentication the password is send unencrypted (just the standard base64 encoding according to the HTTP specification).
BTW, I though that “Satisfy all” would solve this issue but it does not.
Or is the rewrite trick where http:// connections are redirected to https:// connections sufficient? I somehow have the idea it’s not but I can’t put my finger on that. Any insights on this would also be appreciated.
Any hints would be appreciated.
Cheers,
Richard
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|