It seems that first the Basic auth is checked and then
SSLRequireSSL... Thus Apache first determines that BA
is needed and asks for it immediately.

I guess nothing you can change... 

[EMAIL PROTECTED] wrote:
> 
> Full_Name: Peter Perkins
> Version: 2.2.7
> OS: irix 5.3
> Submission from: falstaff.ucsd.edu (199.105.13.29)
> 
> using Apache/1.3.6 (Unix) mod_ssl/2.2.7 OpenSSL/0.9.2b, i find that:
> 
>    <Directory /usr/local/apache/htdocs/secure>
>       SSLRequireSSL
>       ErrorDocument 403 /error.html
>       AllowOverride None
>       Options IncludesNOEXEC ExecCGI
>       Order deny,allow
>       Deny from all
>       Allow from x.x.x
>    </Directory>
> 
> works just as i want, that is, only https connections from the
> specified IP range are allowed in this directory and http
> connections are redirected to the error page.  but when i add
> directives for user password authentication into the same
> <Directory> spec:
> 
>    <Directory /usr/local/apache/htdocs/secure>
>       SSLRequireSSL
>       ErrorDocument 403 /error.html
>       AllowOverride None
>       Options IncludesNOEXEC ExecCGI
>       Order deny,allow
>       Deny from all
>       Allow from x.x.x
>       AuthType Basic
>       AuthUserFile /usr/local/apache/somewhere/passfile
>       AuthName "somename"
>       Require valid-user
>       Satisfy any
>    </Directory>
> 
> http connections are presented with a password dialog and valid
> users are allowed unencrypted connections.  for a _single_ attempt
> at http://www.somewhere.dom/secure/file.html, the error_log
> shows _two_ accesses
> 
> [Thu Apr  8 11:10:11 1999] [error] access to /usr/local/apache/htdocs/secure/file.html failed for x.x.x.x, reason: SSL connection required
> [Thu Apr  8 11:10:21 1999] [error] access to /usr/local/apache/htdocs/secure/file.html failed for x.x.x.x, reason: SSL connection required
> 
> and the access_log shows
> 
> x.x.x.x - - [08/Apr/1999:11:10:11 -0700] "GET /secure/file.html HTTP/1.0" 401 469
> x.x.x.x - someuser [08/Apr/1999:11:10:21 -0700] "GET /secure/file.html HTTP/1.0" 200 258
> 
> what i want is to only allow access for (1) local users (in x.x.x)
> and (2) non-local-but-valid users, and require secure connections
> for them all.  this did work in an earlier version (apache_1.3.1
> + mod_ssl(something) + ssleay_0.9.0).  there was mention of a similar
> problem with ProxyPass on comp.infosystems.www.servers.unix, but i
> can find mention of this.  am i doing something wrong? thanks very
> much.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List               [EMAIL PROTECTED]
> Automated List Manager                       [EMAIL PROTECTED]

-- 
Holger Reif                  Tel.: +49 361 74707-0
SmartRing GmbH               Fax.: +49 361 7470720
Europaplatz 5             [EMAIL PROTECTED]
D-99091 Erfurt                    WWW.SmartRing.de
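
A simplified model of the behaviour reported in the quoted message, added here as an example and not taken from the thread or from Apache/mod_ssl source. It assumes SSLRequireSSL and the host-based Allow/Deny both act as access checks, and that "Satisfy any" lets a successful Basic auth override a failed access check. The strict_require flag is a hypothetical stand-in for "SSLOptions +StrictRequire", which is documented for mod_ssl in Apache 2.x; the thread does not say whether mod_ssl 2.2.7 supports it.

```python
# Simplified decision model (an assumption, not Apache source) of how
# access checks and Basic auth combine under "Satisfy all" / "Satisfy any".
from dataclasses import dataclass

FORBIDDEN, UNAUTHORIZED, OK = 403, 401, 200


@dataclass
class Request:
    https: bool                      # connection arrived over SSL
    client_in_allowed_net: bool      # matches "Allow from x.x.x"
    valid_credentials: bool = False  # user/password accepted by AuthUserFile


def decide(req, satisfy="any", strict_require=False):
    """Return the HTTP status for a request to the <Directory> in the post."""
    ssl_ok = req.https                    # SSLRequireSSL
    host_ok = req.client_in_allowed_net   # Order deny,allow / Deny / Allow
    access_ok = ssl_ok and host_ok        # both modelled as access checks

    # Hypothetical flag standing in for "SSLOptions +StrictRequire":
    # an SSL failure is final and Satisfy cannot override it.
    if strict_require and not ssl_ok:
        return FORBIDDEN

    auth_status = OK if req.valid_credentials else UNAUTHORIZED
    if satisfy == "all":
        return auth_status if access_ok else FORBIDDEN
    # Satisfy any: a failed access check is not fatal, auth may still pass.
    return OK if access_ok else auth_status


def replay_post_scenario(strict_require=False):
    """Constructed replay of the two access_log hits: plain http, first
    without credentials, then with a valid password."""
    first = decide(Request(https=False, client_in_allowed_net=True),
                   "any", strict_require)
    second = decide(Request(False, True, valid_credentials=True),
                    "any", strict_require)
    return first, second


if __name__ == "__main__":
    print("as posted:      ", replay_post_scenario())
    print("strict require: ", replay_post_scenario(strict_require=True))
```

With strict_require set, https requests still behave as the poster wanted: clients in the allowed range get in without a password, and other clients get in only with valid credentials.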