Posted to users@httpd.apache.org by "J. Bakshi" <jo...@infoservices.in> on 2009/10/27 07:37:11 UTC

[users@httpd] redirect occurs after authorization !!!

Hello list,

I have finally been able to redirect viewvc (the svn viewer) to https. Here
is the configuration:

``````````````````````````````
ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi

<Location /test>
RewriteEngine   on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

AuthType Basic
AuthName "requires a password"
AuthUserFile /home/svn/PASSWD
Require valid-user
</Location>
```````````````````````````````````````````

This is working fine for both internet and intranet. But I have found
that it first checks the authorization through the http connection and, after
getting the right password, it redirects to the https version. Can I
redirect to http before authentication?
Please let me know.
Thanks


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] redirect occurs after authorization !!!

Posted by "J. Bakshi" <jo...@infoservices.in>.
Tom Evans wrote:
> On Tue, 2009-10-27 at 12:07 +0530, J. Bakshi wrote:
>   
>> Hello list,
>>
>> I have finally able to redirect the viewvc ( svn viewer ) to https. here
>> is the configuration
>>
>> ``````````````````````````````
>> ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi
>>
>> <Location /test>
>> RewriteEngine   on
>> RewriteCond %{HTTPS} off
>> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>>
>> AuthType Basic
>> AuthName "requires a password"
>> AuthUserFile /home/svn/PASSWD
>> Require valid-user
>> </Location>
>> ```````````````````````````````````````````
>>
>> This is working fine for both internet and intranet.  But  I have found
>> it first check the authorization through http connection and after
>> getting the right password it redirects  to https version.  Can I
>> redirect  to http before authentication  ?
>> Please let me know.
>> Thanks
>>
>>     
>
> I think I'm missing something. If you aren't supposed to access this
> resource, except through SSL and after authentication, then surely this
> is trivial. 
> Simply set up 2 vhosts, one SSL, one non-SSL. In the non-SSL vhost,
> redirect to the SSL vhost and don't have any authentication. In the SSL
> vhost, you can have your script and AAA setup.
>
>   

Hello Tom,

Thanks, yes it is another workaround.

cheers.
 



Re: [users@httpd] redirect occurs after authorization !!!

Posted by Tom Evans <te...@googlemail.com>.
On Tue, 2009-10-27 at 12:07 +0530, J. Bakshi wrote:
> Hello list,
> 
> I have finally able to redirect the viewvc ( svn viewer ) to https. here
> is the configuration
> 
> ``````````````````````````````
> ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi
> 
> <Location /test>
> RewriteEngine   on
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
> 
> AuthType Basic
> AuthName "requires a password"
> AuthUserFile /home/svn/PASSWD
> Require valid-user
> </Location>
> ```````````````````````````````````````````
> 
> This is working fine for both internet and intranet.  But  I have found
> it first check the authorization through http connection and after
> getting the right password it redirects  to https version.  Can I
> redirect  to http before authentication  ?
> Please let me know.
> Thanks
> 

I think I'm missing something. If you aren't supposed to access this
resource, except through SSL and after authentication, then surely this
is trivial. 
Simply set up 2 vhosts, one SSL, one non-SSL. In the non-SSL vhost,
redirect to the SSL vhost and don't have any authentication. In the SSL
vhost, you can have your script and AAA setup.

Cheers

Tom




Re: [users@httpd] redirect occurs after authorization !!!

Posted by Krist van Besien <kr...@gmail.com>.
On Tue, Oct 27, 2009 at 11:33 AM, J. Bakshi <jo...@infoservices.in> wrote:
> ```````````````````````
>  access to /usr/lib/cgi-bin/viewvc.cgi failed, reason: SSL connection
> required
> ```````````````````````````````````````
>
> This is ok as redirection is not working here. Do you have any idea ? My
> previous config with <Location> could did the redirection though.

Hmm. I'm not sure if aliases preempt rewrite rules. Maybe that is the
problem. I assume everything works if you access directly over https?
I.e., after entering https://<hostname>/test you are prompted for
authentication info, and then see viewvc?

Normally if you have set up your config the usual way you should have
two virtual hosts in your config, one for http, one for https. What
you could do is add the RewriteRule to the http vhost, and the rest to
the https vhost. That is how I would do it anyway.

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
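
The two-virtual-host layout suggested in this thread, written out as an added example (not part of any poster's message). The host name svn.example.org and the certificate paths are placeholders, and the redirect uses a fixed host name instead of %{HTTP_HOST}, which is an assumption of this example.

```apache
# Added example; svn.example.org and the certificate paths are placeholders.

# Plain-HTTP vhost: no ScriptAlias and no auth directives. It only
# redirects, so no password prompt is ever issued over an unencrypted
# connection.
<VirtualHost *:80>
    ServerName svn.example.org

    RewriteEngine on
    # Fixed host name rather than %{HTTP_HOST}, so the redirect target
    # does not depend on the client-supplied Host header. The original
    # query string is passed through unchanged.
    RewriteRule ^/test(.*)$ https://svn.example.org/test$1 [R=301,L]
</VirtualHost>

# HTTPS vhost: the script and the access control live here.
<VirtualHost *:443>
    ServerName svn.example.org

    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    ScriptAlias /test /usr/lib/cgi-bin/viewvc.cgi

    # Protect the file itself, so the rule holds whatever URL maps to it.
    <Directory /usr/lib/cgi-bin/>
        <Files viewvc.cgi>
            SSLRequireSSL
            AuthType Basic
            AuthName "requires a password"
            AuthUserFile /home/svn/PASSWD
            Require valid-user
        </Files>
    </Directory>
</VirtualHost>
```

A request to http://svn.example.org/test should return a 301 with no WWW-Authenticate header; the Basic auth challenge should appear only on the https URL.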



Re: [users@httpd] redirect occurs after authorization !!!

Posted by "J. Bakshi" <jo...@infoservices.in>.
Krist van Besien wrote:
> On Tue, Oct 27, 2009 at 7:37 AM, J. Bakshi <jo...@infoservices.in> wrote:
>   
>> Hello list,
>>
>> I have finally able to redirect the viewvc ( svn viewer ) to https. here
>> is the configuration
>>
>> ``````````````````````````````
>> ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi
>>
>> <Location /test>
>> RewriteEngine   on
>> RewriteCond %{HTTPS} off
>> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>>
>> AuthType Basic
>> AuthName "requires a password"
>> AuthUserFile /home/svn/PASSWD
>> Require valid-user
>> </Location>
>> ```````````````````````````````````````````
>>
>> This is working fine for both internet and intranet.  But  I have found
>> it first check the authorization through http connection and after
>> getting the right password it redirects  to https version.  Can I
>> redirect  to http before authentication  ?
>>     
>
> A couple of notes:
>
> - Using <Location> to protect a resource on the local filesystem is a
> absolutely bad idea. Your script might be accessible via another URL.
> - Your rewrite rule does indeed do the correct redirection, but will
> only do this after authentication. This because that is how you've
> configured it. You've told your server to require authentication from
> anyone accessing /test and this your server does. Authentication
> happens very early in request processing, before rewriting.
>
> A better way:
>
> ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi
>
> RewriteEngine   on
>
> RewriteCond %{HTTPS} off
> RewriteRule /test.* https://%{HTTP_HOST}%{REQUEST_URI} [R]
>
> <Directory  /usr/lib/cgi-bin/ >
>      <Files viewvc.cgi>
>          SSLRequireSSL
>          AuthType Basic
>         AuthName "requires a password"
>         AuthUserFile /home/svn/PASSWD
>         Require valid-user
>      </Files>
> </Directory>
>
> HTH,
>
> Krist
>
>   

Hello Krist,

I must give you a word of thanks for showing me the right track.  Also
grateful to you for your clarification.  I have replaced my code with
yours. But the redirect is not working with this code. The Apache log reports

```````````````````````
 access to /usr/lib/cgi-bin/viewvc.cgi failed, reason: SSL connection
required
```````````````````````````````````````

This is ok as redirection is not working here. Do you have any idea? My
previous config with <Location> could do the redirection though.

Thanks



Re: [users@httpd] redirect occurs after authorization !!!

Posted by Krist van Besien <kr...@gmail.com>.
On Tue, Oct 27, 2009 at 7:37 AM, J. Bakshi <jo...@infoservices.in> wrote:
> Hello list,
>
> I have finally able to redirect the viewvc ( svn viewer ) to https. here
> is the configuration
>
> ``````````````````````````````
> ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi
>
> <Location /test>
> RewriteEngine   on
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>
> AuthType Basic
> AuthName "requires a password"
> AuthUserFile /home/svn/PASSWD
> Require valid-user
> </Location>
> ```````````````````````````````````````````
>
> This is working fine for both internet and intranet.  But  I have found
> it first check the authorization through http connection and after
> getting the right password it redirects  to https version.  Can I
> redirect  to http before authentication  ?

A couple of notes:

- Using <Location> to protect a resource on the local filesystem is an
absolutely bad idea. Your script might be accessible via another URL.
- Your rewrite rule does indeed do the correct redirection, but will
only do this after authentication. This is because that is how you've
configured it. You've told your server to require authentication from
anyone accessing /test and this your server does. Authentication
happens very early in request processing, before rewriting.

A better way:

ScriptAlias /test  /usr/lib/cgi-bin/viewvc.cgi

RewriteEngine   on

RewriteCond %{HTTPS} off
RewriteRule /test.* https://%{HTTP_HOST}%{REQUEST_URI} [R]

<Directory /usr/lib/cgi-bin/>
    <Files viewvc.cgi>
        SSLRequireSSL
        AuthType Basic
        AuthName "requires a password"
        AuthUserFile /home/svn/PASSWD
        Require valid-user
    </Files>
</Directory>

HTH,

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
