Hi,
if "satisfy" any really means: satisfy "from" or "user" or "ssl" then I
think the function of satisfy should be changed that it not override
SSLRequireSSL (if possible) in next mod_ssl version...
(Since the manual tells: "When this directive is present all requests are
denied which are not using SSL")
oki,
Steffen
> It seems that the First Basic auth is checked and then
> SSLRequireSSL... Thus first Apache determines that BA
> is needed and askes for it immediatly.
> >
> > <Directory /usr/local/apache/htdocs/secure>
> > SSLRequireSSL
> > Allow from x.x.x
> > Require valid-user
> > Satisfy any
> > </Directory>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
