[users@httpd] Password

[Marco Supino <ma...@sd.com>]

Hi,

Running Apache 1.3.26 on Solaris.

I am tring to setup a user authentication from within a HTML file, i
used a javascript so i can forward to the right directory the username
and password entered in a "form" (for example
http://user:password@www.XX.com/secured), this works great if the
username and password are correct,

Is there any way of not asking for the password the second time if the
first fails ? (if it fails, apache pops up the username/password window,
which i dont want),

I think of using mod_rewrite to change error 401 to 403, but didnt have
much luck with it, any better idea ? or an example would be great.

Thanks.

Re: [users@httpd] Password

[JP <jp...@msfree.ca>]

> Marco Supino wrote:
>
>Hi,
>
>Running Apache 1.3.26 on Solaris.
>
>I am tring to setup a user authentication from within a HTML file, i
> used a javascript so i can forward to the right directory the username
> and password entered in a "form" (for example
>http://user:password@www.XX.com/secured), this works great if the
> username and password are correct,
>

I had problem with this because user were putting a "@" in their
password. So a user accessing http://user:p@ssword@www.XX.com/secured
with the username user and password p@ssword will be unable to login in.

Thanks,

JP
jp@msfree.ca



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Password

["J. Greenlees" <ja...@shaw.ca>]

Marco Supino wrote:

>Hi,
>
>Running Apache 1.3.26 on Solaris.
>
>I am tring to setup a user authentication from within a HTML file, i
>used a javascript so i can forward to the right directory the username
>and password entered in a "form" (for example
>http://user:password@www.XX.com/secured), this works great if the
>username and password are correct,
>
>Is there any way of not asking for the password the second time if the
>first fails ? (if it fails, apache pops up the username/password window,
>which i dont want),
>
>I think of using mod_rewrite to change error 401 to 403, but didnt have
>much luck with it, any better idea ? or an example would be great
>

I know what you are trying to do works with php/miva and a db driven 
site ( the community / portal sites have a limiter on the number of bad 
password attempts, one then site blocks the offending ip )
not sure if you can get apache itself to put this limit in place.

>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] RewriteRule

[Alexander Schmidt <as...@i5.informatik.rwth-aachen.de>]

Hello!
I have installed Apache 2.0 on Windows 2000.
I have made a Redirection with RewriteRule.
My problem is that Apache shows me the new URL in the browser, but I want
that the user sees the URL which he has typed in. My RewriteRule is :

RewriteRule / http://rerich:8080/opencms/opencms/COLAN/home.html

And I want that the user doesn´t see in the browser
http://rerich:8080/opencms/opencms/COLAN/home.html.

Does anyone has an idea?

Thanks
     A. Schmidt



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org