Posted to users@httpd.apache.org by mi...@polito.it on 2004/10/01 12:47:08 UTC

[users@httpd] Using both rewrite rules and basic authentication inside .htaccess

I'm using Apache 1.3.31 with mod_rewrite and mod_ssl.
Both the secure and the non-secure servers use the same document root.

I want to use both rewrite rules and basic authentication inside a 
single .htaccess file with this content:

######## .htaccess #############################################
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent]

AuthName        "reserved Area"
AuthType        Basic
AuthUserFile    /path/to/acl_file
require valid-user
################################################################

to obtain automatic redirection to the same requested URL but under
SSL (https), when the first connection is not SSL.
Only when the connection is encrypted (under SSL) do I want to enforce the basic
authentication challenge, redirecting automatically to the SSL URL when not.

I tested the two segments (rewrite stuff and authentication stuff)
separately and all works fine, but when combined in the same .htaccess
file only the authentication stuff seems to work and NOT the rewrite
part, so the client is prompted for login but not over SSL!

Does anyone know a working solution for this?

Thanks,
Mauro

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Using both rewrite rules and basic authentication inside .htaccess

Posted by mi...@polito.it.
I just found this thread on Google (from alt.apache.configuration):
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=415bfff4%240%241894%24afc38c87%40news.easynet.fr&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26group%3Dalt.apache.configuration

with exactly the same problem as mine...

The "possible" solution is clear: with Apache 1.3 the module order
(LoadModule directive) between mod_auth and mod_rewrite may help to
force the priority of rewrite stuff over authentication stuff, but with
Apache 2 that's impossible (the auth phase comes BEFORE the rewrite phase).

Mauro

minnoce@polito.it wrote:
> I'm using Apache 1.3.31 with mod_rewrite and mod_ssl.
> Both the secure and the non-secure servers use the same document root.
> 
> I want to use both rewrite rules and basic authentication inside a 
> single .htaccess file with this content:
> 
> ######## .htaccess #############################################
> RewriteEngine On
> RewriteCond %{HTTPS} !=on
> RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent]
> 
> AuthName        "reserved Area"
> AuthType        Basic
> AuthUserFile    /path/to/acl_file
> require valid-user
> ################################################################
> 
> to obtain automatic redirection to the same requested URL but under
> SSL (https), when the first connection is not SSL.
> Only when the connection is encrypted (under SSL) do I want to enforce the basic
> authentication challenge, redirecting automatically to the SSL URL when
> not.
> 
> I tested the two segments (rewrite stuff and authentication stuff)
> separately and all works fine, but when combined in the same .htaccess
> file only the authentication stuff seems to work and NOT the rewrite
> part, so the client is prompted for login but not over SSL!
>
> Does anyone know a working solution for this?
> 
> Thanks,
> Mauro
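
A check for the failure described in this thread (the Basic login prompt being served on the non-SSL server instead of the redirect), as an added example that is not part of the original posts: it requests the protected path over plain HTTP without credentials and classifies the reply. The function names, the `/reserved/` path, the `www.example.invalid` host and the local stub server that reproduces both behaviours are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

def classify(status, headers):
    """Classify the answer a server gave to a request sent over plain HTTP."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 401 and hdrs.get("www-authenticate", "").lower().startswith("basic"):
        return "CLEARTEXT_CHALLENGE"   # password would travel unencrypted
    if status in (301, 302, 307, 308):
        scheme = urlsplit(hdrs.get("location", "")).scheme.lower()
        return "REDIRECT_TO_HTTPS" if scheme == "https" else "REDIRECT_NOT_HTTPS"
    return "OTHER"

def probe(host, port, path):
    """GET path over plain HTTP without credentials and classify the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, dict(resp.getheaders()))
    finally:
        conn.close()

def stub_probe(status, name, value):
    """Constructed local stub that answers one request, standing in for the server."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header(name, value)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):
            pass
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    worker = threading.Thread(target=srv.handle_request, daemon=True)
    worker.start()
    try:
        return probe("127.0.0.1", srv.server_port, "/reserved/")
    finally:
        worker.join(timeout=5)
        srv.server_close()

if __name__ == "__main__":
    # Behaviour reported in the thread: login prompt on the non-SSL server.
    print(stub_probe(401, "WWW-Authenticate", 'Basic realm="reserved Area"'))
    # Behaviour the poster wants: redirect first, challenge only over SSL.
    print(stub_probe(301, "Location", "https://www.example.invalid/reserved/"))
```

Pointing `probe()` at the non-SSL port of a real deployment after every .htaccess or module-order change shows which of the two phases answered first.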