> 
> Howdy,
> 
>  So, I am running a mod_perl/mod_ssl enabled Apache web server.  The
> home page (and several other unprotected pages) need to listen on
> both the encrypted port 443 and non-encrypted port 80.  However, I
> would like to force all authentication requests to go through the
> encrypted side so the passwords is never passed in plain text.
> 
>  In the past I have done this by adding a mod_rewrite for each area
> which I knew was protected.  Is there any way I can do this in a
> more dynamic fashion? 
> 

Well,,..... this may not be elegant, but I use a straight forward 
approach of using an include config file for the use that is 
identical for both port 80 and 443. The login.pl file on the port 80 
side simply redirects to https:URL passing a variable that indicates 
the original target to the real login script. After the login the 
script returns to the target as it would normally. This is pretty 
simple at least for me as nothing differs except the two login.pl 
scripts.
[EMAIL PROTECTED]

Reply via email to