Re: redirect occurs after authorization !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Oct 27, 2009 at 7:37 AM, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote:
> Hello list,
>
> I have finally able to redirect the viewvc ( svn viewer ) to https. here
> is the configuration
>
> ``````````````````````````````
> ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi
>
> <Location /test>
> RewriteEngine   on
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>
> AuthType Basic
> AuthName "requires a password"
> AuthUserFile /home/svn/PASSWD
> Require valid-user
> </Location>
> ```````````````````````````````````````````
>
> This is working fine for both internet and intranet.  But  I have found
> it first check the authorization through http connection and after
> getting the right password it redirects  to https version.  Can I
> redirect  to http before authentication  ?

A couple of notes:

- Using <Location> to protect a resource on the local filesystem is a
absolutely bad idea. Your script might be accessible via another URL.
- Your rewrite rule does indeed do the correct redirection, but will
only do this after authentication. This because that is how you've
configured it. You've told your server to require authentication from
anyone accessing /test and this your server does. Authentication
happens very early in request processing, before rewriting.

A better way:

ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi

RewriteEngine   on

RewriteCond %{HTTPS} off
RewriteRule /test.* https://%{HTTP_HOST}%{REQUEST_URI} [R]

<Directory  /usr/lib/cgi-bin/ >
     <Files viewvc.cgi>
         SSLRequireSSL
         AuthType Basic
        AuthName "requires a password"
        AuthUserFile /home/svn/PASSWD
        Require valid-user
     </Files>
</Directory>

HTH,

Krist

-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux