https://issues.apache.org/bugzilla/show_bug.cgi?id=45801
Summary: SSLRequireSSL with strictrequire and satisfy any does
not behave as expected
Product: Apache httpd-2
Version: 2.2.9
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
I would like to achieve the following behavior:
On a http server, a subdirectory should only be accessible via https
If http is tried, the user should be automatically redirected to the https page
>From the intranet the subtree is accessible without authentication
>From the internet the subtree needs authentication
My config:
<Location /opendb>
# Network Access Control
Order Deny,Allow
Deny from all
Allow from 192.168.0
Allow from 127.0.0.1
# Authentication
AuthType Basic
AuthName "Open Media Database"
AuthUserFile /var/svn/conf/svnbackupusers
Require valid-user
# Allow Network Access and/or Basic Auth
Satisfy Any
# Require HTTPS and redirect if HTTP is used
SSLRequireSSL
SSLOptions +StrictRequire
ErrorDocument 403 /bin/httpsredirect.php
</Location>
The behavior i get is the following:
from the intranet (192.168.0.x) the page behaves as expected, redirecting the
user to the https page without authentication
however from the internet, the user is asked to authenticate, but is not
redirected to the https page (resulting in plain text transfer of username and
password)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
