Re: [users@httpd] How to redirect to SSL if authentication is requested

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] How to redirect to SSL if authentication is requested
From: Boysenberry Payne <boysenberry@xxxxxxxxxxxxxxx>
Date: Mon, 24 Jul 2006 10:16:11 -0500
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxx
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxxxx
Delivered-to: mailing list users@xxxxxxxxxxxxxxxx
In-reply-to: <A7704766F9EE3949B30D5BF6297999A2026DAB37@xxxxxxxxxxxxxxxxxx>
Mailing-list: contact users-help@xxxxxxxxxxxxxxxx; run by ezmlm
References: <A7704766F9EE3949B30D5BF6297999A2026DAB37@xxxxxxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

I have a similar issue.

What I do is have a particular rewrite "log/"
whenever someone uses log/ in their script it will sent them
to our authentication page.  Its the only way I've figured
out how to do what you're saying.  If they request any "secure"
pages and they're not "logged in" then they get the login page
otherwise it sends them on their marry way.  Of course, the whole system
our clients are using is served up by a central set of code so
that is easy for us.

The drawback is if they use an .htaccess file with a log/ redirect
it will override ours.  One has so far though.  Maybe a really obscure
redirect would work.  I have our redirects hardwired into our httpd.conf
file to prevent them from messing our rewrite up.

Without really knowing how you and your clients interact while serving

files its hard for me to come up with a solution for your particularsituation

though.


Thanks,
Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com

On Jul 24, 2006, at 10:00 AM, Neulinger, Nathan wrote:

Unfortunately, I don't have control over the .htaccess files that are
being created by our users. If we did, would be easy enough to just
force them all to update their configs.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@xxxxxxx
University of Missouri - Rolla         Phone: (573) 341-6679
UMR Information Technology             Fax: (573) 341-4216

-----Original Message-----
From: Boysenberry Payne [mailto:boysenberry@xxxxxxxxxxxxxxx]
Sent: Monday, July 24, 2006 9:59 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] How to redirect to SSL if
authentication is requested

I think you'll have to use your own authentication script or in other
words
you'll have to authenticate only after you see that authentication is
needed
rather than automatically based off of access settings.

A script that can tell whether or not someone is using https and
whether or
not they've authenticated would do the trick.

Thanks,
Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com

On Jul 24, 2006, at 9:31 AM, Neulinger, Nathan wrote:

Is there any straightforward way to tell apache (2.0 build

from RHEL)

to
redirect if authentication is requested?

I want to prevent any use of Basic auth on the

cleartext/http side of

the vhost. I can do that easily by disabling AuthConfig overrides on
that vhost. However, this results in all pages breaking

that were using

that support.

What I'd like to be able to do is cause any use of AuthInfo

on the http

host to immediately generate a redirect response to the same server
name, port 443.

Is this possible?

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@xxxxxxx
University of Missouri - Rolla         Phone: (573) 341-6679
UMR Information Technology             Fax: (573) 341-4216

---------------------------------------------------------------------

The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------

The official User-To-User support forum of the Apache HTTP ServerProject.

See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

Follow-Ups:
- RE: [users@httpd] How to redirect to SSL if authentication is requested
  - From: Neulinger, Nathan

References:
- RE: [users@httpd] How to redirect to SSL if authentication is requested
  - From: Neulinger, Nathan

Prev by Date: [users@httpd] Alias and Rewrite directives
Next by Date: Re: [users@httpd] Alias and Rewrite directives
Previous by thread: RE: [users@httpd] How to redirect to SSL if authentication is requested
Next by thread: RE: [users@httpd] How to redirect to SSL if authentication is requested
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]