| View previous topic :: View next topic |
| Author |
Message |
msalerno
Veteran
Joined: 17 Dec 2002
Posts: 1338
Location: Sweating in South Florida
|
 Posted: Wed Sep 22, 2010 7:19 pm Post subject: force apache auth over ssl |
 |
|
[/code]What is happening with the below config is that the user is prompted to log in prior to the redirect. Which is not good. As a workaround, I have forced the entire site to be redirected to https, but that's a little bit of an overkill. The question is, how can I force the redirect to happen before the auth request and keep all configs specific to /svn in the same file: /etc/apache2/modules.d/47_mod_dav_svn.conf ?
| Code: | <Location /svn>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
DAV svn
AuthzSVNAccessFile /etc/apache2/svn-acl-conf
SVNParentPath /var/svn
AuthType Kerberos
AuthName "Subversion repository"
KrbMethodNegotiate On
KrbAuthRealms FOO.BAR
Krb5KeyTab /etc/krb5.keytab
Require valid-user
</Location>
|
|
|
| Back to top |
|
 |
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK
|
| Posted: Sat Sep 25, 2010 11:12 am Post subject: Re: force apache auth over ssl |
|
|
This blog entry describes the situation nicely and seems to provide the fix:
http://blog.jozjan.net/2008/02/htaccess-redirect-to-ssl-https-before.html
Read the whole post including the links for lots of information on this.
Hint: I suspect the poster who suggests moving the redirect outside of the directory stanza is correct.
Cheers
Jon |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
