LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-09-2009, 04:30 PM   #1
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Rep: Reputation: 39
apache: basic auth over ssl (redirected)


If I have a redirect rule for a certain directory (either through httpd.conf or an .htaccess file) that redirects all http requests to https, then the basic authorization dialogue for apache should be over an ssl connection.

It seems like this should be the case in theory. Does anyone know if this is not what actually happens?

Thanks

Last edited by mattydee; 11-09-2009 at 07:31 PM. Reason: spelling
 
Old 11-09-2009, 05:52 PM   #2
janoszen
Member
 
Registered: Oct 2009
Location: Budapest
Distribution: Mostly Gentoo, sometimes Debian/(K)Ubuntu
Posts: 143

Rep: Reputation: 22
Theory

You should have separate virtualhosts for SSL and non-SSL vhosts, that should do the trick.
 
Old 11-09-2009, 06:13 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
You could also add the SSLRequireSSL directive to that directory. (In that case, regular http requests will get access denied.)
 
Old 11-09-2009, 07:43 PM   #4
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Original Poster
Rep: Reputation: 39
Thanks for the replies.

Just to be clear:
I have a main, non-secure page, with a private subfolder (eg: www.foobar.com/private) that requires ssl and apache basic authentication. I just want to make sure that when a user moves from the non-secure main page to the private area, the basic authentication will happen through ssl.

I think this is what happens with the way I have things setup now (as described in the original post). The virtual host is probably the best solution, but just so I understand:

in the httpd.conf file, would I have to put the redirect rule (using mod_rewrite to ensure ssl) before the <Directory> basic authentication rule? Does order matter in this case?
 
Old 11-09-2009, 11:02 PM   #5
janoszen
Member
 
Registered: Oct 2009
Location: Budapest
Distribution: Mostly Gentoo, sometimes Debian/(K)Ubuntu
Posts: 143

Rep: Reputation: 22
Order

Order does not matter, however, you must specify your rewrite rule in the root of the vhost (not in the Directory section or .htaccess).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SMTP Server with SSL auth Penn Linux - Server 1 04-06-2009 03:51 AM
virtual hosts and basic auth j-ray Linux - Server 2 05-10-2008 10:59 AM
[PROFTPD] LDAP vs basic auth. Creak Linux - Security 1 09-21-2004 07:52 PM
basic auth in apache CodeGeek Linux - Newbie 2 04-14-2004 09:27 AM
Apache 1.3 and basic auth luger Linux - Networking 4 05-17-2002 05:06 PM


All times are GMT -5. The time now is 10:41 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration