So why not have a VirtualHost listening on port 80 then do a redirect
on port 443 (https) where you have AuthConfig in? In that manner, you
would only have authentication after the redirect on port 443?
2005/6/24, Stephen Shirley <diamond at skynet.ie>:
> Conall O'Brien wrote:
> > On Thu, Jun 23, 2005 at 02:42:13PM IST, Stephen Shirley
> > <diamond at skynet.ie> incoherently babbled:
> >>However, what happens is that i'm prompted for the username and password
> >>before i'm redirected to ssl, which is useless. Is there any way i can
> >>get the rewrite to happen before the auth? Thanks,
> > I'm not an expert with Apache by any means, but what if you had a
> > RedirectMatch in place to force http traffic over to https instead of
> > the Rewrite rule?
>> The main issue with that is that the site can be accessed by various
> names, in particular, www.site.tld, www.ipv4.site.tld, and
> www.ipv6.site.tld. Using RedirectMatch doesn't give me the ability to
> not stomp on the users choice of sitename (and hence on the users
> explicit choice in ip versions, which can be important).
>> > I'm sure there's a much better way, if someone is happy to share it...
>> Aye, i'm hoping so. In the mean time i've had to resort to leaving out
> the rewrite stuff (as it doesn't get used, grr), and just putting in
> 'SSLRequireSSL', which denies access if ssl is not used. It's secure,
> but not a great solution -(
> Irish Linux Users' Group
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!