Joshua Gerth <[EMAIL PROTECTED]> writes:
> So, I am running a mod_perl/mod_ssl enabled Apache web server.
> The home page (and several other unprotected pages) need to listen on both
> the encrypted port 443 and non-encrypted port 80. However, I would like
> to force all authentication requests to go through the encrypted side so
> the passwords is never passed in plain text.
We do this via an old-fashioned 403 handler on the unencrypted side
that returns a 302 redirect to an https URL. The vhost for the
encrypted side overrides the 403 handler with our standard handler.
--
Dan Riley [EMAIL PROTECTED]
Wilson Lab, Cornell University <URL:http://www.lns.cornell.edu/~dsr/>
"History teaches us that days like this are best spent in bed"
