Re: Conditionally redirect to HTTPS URL if authorization required?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey James,

Your if-then is technically relatively easy to do with
mod-rewrite. 

However, in real life you are likely to face unexpected
problems when accessing "a diverse and historical range 
of applications" via two different channels, one being
http and one being https. Fully qualified URLs in your
application (a href="http://intranet.example.com/foo";)
will eventually bite you. You can redirect these
GET requests too, but you can not easily redirect 
POST requests.

It is possible that most of these problems can be
solved. One by one. Sometimes you can get along by
reconfiguring the application, sometimes you can
do a rewrite trick, sometimes you have to be really
agressive and rewrite the http response body. It
is a lot of work and it very complicated. I mean
you will learn a real lot about mod-rewrite and
http in general, but do you really want to learn 
that much?

Under the line: I would not attempt this. Stick
with a single access channel and make this channel
https for everyone. This might be annoying to start
out with, but it keeps the complexity to a much
lower level.

regs,

Christian


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux