Re: [users@httpd] How to redirect to SSL if authentication is requested

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have a similar issue.

What I do is have a particular rewrite "log/"
whenever someone uses log/ in their script it will sent them
to our authentication page.  Its the only way I've figured
out how to do what you're saying.  If they request any "secure"
pages and they're not "logged in" then they get the login page
otherwise it sends them on their marry way.  Of course, the whole system
our clients are using is served up by a central set of code so
that is easy for us.

The drawback is if they use an .htaccess file with a log/ redirect
it will override ours.  One has so far though.  Maybe a really obscure
redirect would work.  I have our redirects hardwired into our httpd.conf
file to prevent them from messing our rewrite up.

Without really knowing how you and your clients interact while serving
files its hard for me to come up with a solution for your particular situation
though.


Thanks,
Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com

On Jul 24, 2006, at 10:00 AM, Neulinger, Nathan wrote:

Unfortunately, I don't have control over the .htaccess files that are
being created by our users. If we did, would be easy enough to just
force them all to update their configs.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@xxxxxxx
University of Missouri - Rolla         Phone: (573) 341-6679
UMR Information Technology             Fax: (573) 341-4216


-----Original Message-----
From: Boysenberry Payne [mailto:boysenberry@xxxxxxxxxxxxxxx]
Sent: Monday, July 24, 2006 9:59 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] How to redirect to SSL if
authentication is requested

I think you'll have to use your own authentication script or in other
words
you'll have to authenticate only after you see that authentication is
needed
rather than automatically based off of access settings.

A script that can tell whether or not someone is using https and
whether or
not they've authenticated would do the trick.

Thanks,
Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com

On Jul 24, 2006, at 9:31 AM, Neulinger, Nathan wrote:

Is there any straightforward way to tell apache (2.0 build
from RHEL)
to
redirect if authentication is requested?

I want to prevent any use of Basic auth on the
cleartext/http side of
the vhost. I can do that easily by disabling AuthConfig overrides on
that vhost. However, this results in all pages breaking
that were using
that support.

What I'd like to be able to do is cause any use of AuthInfo
on the http
host to immediately generate a redirect response to the same server
name, port 443.

Is this possible?

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@xxxxxxx
University of Missouri - Rolla         Phone: (573) 341-6679
UMR Information Technology             Fax: (573) 341-4216



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux