Noobie Htaccess/ SSL authentication
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Title: Noobie Htaccess/ SSL authentication
Excuse me for my ignorance on Apache up front and sorry if this email is duplicated....
Here Is my situation (hopefully Im explaining it correctly).
We have an apache 2 server, using AuthLDAP for htaccess user/pass.
I am trying to set it up so that if a user goes to a page which requires
authentication that that htaccess login is forced to to HTTPS/SSL so it=B9s
not clear text.
For example.(folder names are not specific, examples only)
http://Www.mydomain.com/secure
This page requires LDAP auth but since the user didn=B9t type HTTPS its clear
text.
How can I force Apache to say OK, this isnt HTTPS, redirect to HTTPS and
then pop the login box and its not clear text?
I have tried all of these below
* RewriteCond %{SERVER_PORT} !^443$ RewriteRule .*
https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
This pops the login box but only after it shows the content of the page
first. =B3hello world=B2
* SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "mydomain.com"
This fails to load any page if the user doesn=B9t explicitly type HTTPS in
browser.
So what I=B9m looking to do is say:
User types in http://www.mydomain.com/secure
Apache says OK, that folder requires AUTH, lets first go to HTTPS, require
LDAP login then show the page.
Hope this makes sense.
Regards,
Tony
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
