Hi, I am wondering if there is a satisfactory solution to the following challenge. I have an existing internal services website, running a diverse and historical range of applications within the organisation and its umbrella organisation. Various portions of the site (including the home page, but not including many subareas) are protected with BASIC authentication accessed historically within our local networks only. However, the client base extends beyong our internal network. To facilitate and protect remote access, we wish to use X509 certified & encrypted sessions. We have an SSL certificate and mod_ssl is running under Apache 2.0.x. A VPN is not the solution that fits our circumstances or use cases. We hope to avoid a complete redesign/rebadge/redevelopment of the site. However, our difficulty is that we want clients to use SSL when, and only when, a password-protected area is accessed from outside our LAN. In other works, we 'simply' want to ensure that any time a BASIC-protected username/password resource is requested, the user MUST either be using SSL or be on our internal networks. In other words, "IF (client used the http virtual host) AND (authentication is required) AND (the client address is not part of a designated network) THEN (redirect the client to the https virtual host) ELSE (continue with request) ENDIF." There is no other circumstance in which SSL is required (in fact, it is deliterious in many of our circumstances). Naturally, I would like to configure this requirement as a virtual-host rule without having to remember to implant it into every .htaccess in the site. It's okay if we have to do some coding (e.g., write a small module), but I wouldn't know where to start. Do you know of any inventive (or pre-existing!!!) solution that would work with an existing site? Regards, James. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|