* Mithun Bhattacharya ([EMAIL PROTECTED]) [010919 03:40]: > Stephen Adkins wrote: > > > Is there an easier way to safeguard against Apache prompting for > > a password over HTTP? > > You could keep the secure areas outside the HTTP document root ?? Just a > different DocumentRoot for HTTPS in your VirtualHost or separate > httpd.conf. > > > > Mithun
Well, one solution we were looking at was using two document roots, and linking those directories/apps certified clean to the http docroot. The problem with this is that we have two virtual hosts, same name, different ports (http and https) that basically need to have the same information, with the difference of redirecting some things to the https virtual host if the directory/app is not certified clean by us. This makes for a very long, very intricate Redirect list and each time we need to add to it, we would have to start and stop the server. I figured a more elegant method would be to have the webserver redirect if an .htaccess is present. The only way I can figure on doing this effectively would be a mod_perl module. So, I'm going to write one. Thanks, JJ -- J. J. Horner "H*","6d6174686c696e40326a6e6574776f726b732e636f6d" *************************************************** "H*","6a6a686f726e65724062656c6c736f7574682e6e6574" Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated.
msg22709/pgp00000.pgp
Description: PGP signature
