RE: [users@httpd] How to redirect to SSL if authentication is requested

"Neulinger, Nathan" <nneul@xxxxxxx> · Mon, 24 Jul 2006 12:06:35 -0500

Well, I came up with a simple module to do this... I'd be open to
feedback if anyone wants to take a look. (It's tiny/simple.)

"AuthRedirSSL on" in a location/dir/htaccess block will cause requests
to be redirected to the SSL side of the vhost if any AuthType is
defined.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@xxxxxxx
University of Missouri - Rolla         Phone: (573) 341-6679
UMR Information Technology             Fax: (573) 341-4216

> -----Original Message-----
> From: Boysenberry Payne [mailto:boysenberry@xxxxxxxxxxxxxxx] 
> Sent: Monday, July 24, 2006 10:16 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re: [users@httpd] How to redirect to SSL if 
> authentication is requested
> 
> I have a similar issue.
> 
> What I do is have a particular rewrite "log/"
> whenever someone uses log/ in their script it will sent them
> to our authentication page.  Its the only way I've figured
> out how to do what you're saying.  If they request any "secure"
> pages and they're not "logged in" then they get the login page
> otherwise it sends them on their marry way.  Of course, the 
> whole system
> our clients are using is served up by a central set of code so
> that is easy for us.
> 
> The drawback is if they use an .htaccess file with a log/ redirect
> it will override ours.  One has so far though.  Maybe a really obscure
> redirect would work.  I have our redirects hardwired into our 
> httpd.conf
> file to prevent them from messing our rewrite up.
> 
> Without really knowing how you and your clients interact while serving
> files its hard for me to come up with a solution for your particular 
> situation
> though.
> 
> 
> Thanks,
> Boysenberry
> 
> boysenberrys.com | habitatlife.com | selfgnosis.com
> 
> On Jul 24, 2006, at 10:00 AM, Neulinger, Nathan wrote:
> 
> > Unfortunately, I don't have control over the .htaccess 
> files that are
> > being created by our users. If we did, would be easy enough to just
> > force them all to update their configs.
> >
> > -- Nathan
> >
> > ------------------------------------------------------------
> > Nathan Neulinger                       EMail:  nneul@xxxxxxx
> > University of Missouri - Rolla         Phone: (573) 341-6679
> > UMR Information Technology             Fax: (573) 341-4216
> >
> >
> >> -----Original Message-----
> >> From: Boysenberry Payne [mailto:boysenberry@xxxxxxxxxxxxxxx]
> >> Sent: Monday, July 24, 2006 9:59 AM
> >> To: users@xxxxxxxxxxxxxxxx
> >> Subject: Re: [users@httpd] How to redirect to SSL if
> >> authentication is requested
> >>
> >> I think you'll have to use your own authentication script 
> or in other
> >> words
> >> you'll have to authenticate only after you see that 
> authentication is
> >> needed
> >> rather than automatically based off of access settings.
> >>
> >> A script that can tell whether or not someone is using https and
> >> whether or
> >> not they've authenticated would do the trick.
> >>
> >> Thanks,
> >> Boysenberry
> >>
> >> boysenberrys.com | habitatlife.com | selfgnosis.com
> >>
> >> On Jul 24, 2006, at 9:31 AM, Neulinger, Nathan wrote:
> >>
> >>> Is there any straightforward way to tell apache (2.0 build
> >> from RHEL)
> >>> to
> >>> redirect if authentication is requested?
> >>>
> >>> I want to prevent any use of Basic auth on the
> >> cleartext/http side of
> >>> the vhost. I can do that easily by disabling AuthConfig 
> overrides on
> >>> that vhost. However, this results in all pages breaking
> >> that were using
> >>> that support.
> >>>
> >>> What I'd like to be able to do is cause any use of AuthInfo
> >> on the http
> >>> host to immediately generate a redirect response to the 
> same server
> >>> name, port 443.
> >>>
> >>> Is this possible?
> >>>
> >>> -- Nathan
> >>>
> >>> ------------------------------------------------------------
> >>> Nathan Neulinger                       EMail:  nneul@xxxxxxx
> >>> University of Missouri - Rolla         Phone: (573) 341-6679
> >>> UMR Information Technology             Fax: (573) 341-4216
> >>>
> >>>
> >>>
> >> 
> ---------------------------------------------------------------------
> >>> The official User-To-User support forum of the Apache HTTP Server
> >>> Project.
> >>> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >>>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >>>
> >>>
> >>>
> >>
> >>
> >> 
> ---------------------------------------------------------------------
> >> The official User-To-User support forum of the Apache HTTP
> >> Server Project.
> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >>
> >>
> >>
> >
> >
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server 
> > Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >
> >
> >
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
> 