Hello,

I'm trying to create an access rule so that users can access
the website unsecurely from inside the office and have to use https
to access it from the outside.

I put this in a .htaccess file:

Order Deny,Allow
Deny from all
Allow from env=HTTPS
Allow from 192.168.1.0/24

However, this doesn't work. The "Allow from env=HTTPS" line _never_
works, however hard I try.

If I execute a CGI script that prints the environment variables, I
can see that "HTTPS=on". Also if I put the following in the .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS}    on
RewriteRule .*          -       [E=secure:on]

.. I can see from the output of the mentioned CGI script that the
environment variable "secure" is set to "on" as well. So it appears
that mod_rewrite does see the HTTPS variable, but that mod_access
doesn't ... I've read the mod_access source, and it should work.

The only problem could be the order in which the modules are loaded
and the requests are processed - but that shouldn't matter, right,
as the EAPI hooks that mod_ssl uses make sure that HTTPS is set
very early (I read the mod_ssl source and that seems to happen).

So why doesn't it work?

Oh - Apache 1.3.14, mod_ssl 2.7.1

Mike.
-- 
Go not unto the Usenet for advice, for you will be told both yea and nay (and
quite a few things that just have nothing at all to do with the question).
        -- seen in a .sig somewhere
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
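
An added example, not part of the original post and not Apache code: a small Python model of how the posted Order/Deny/Allow rules evaluate, run once with HTTPS present in the environment the access check sees and once without it. The sample client addresses and the https_visible switch are constructed assumptions; which case applies on the poster's build is the question the post asks.

```python
import ipaddress

# Constructed model of the posted rule set (illustration only).
RULES = {
    "order": "deny,allow",
    "deny": ["all"],
    "allow": ["env=HTTPS", "192.168.1.0/24"],
}

def matches(spec, client_ip, env):
    """Return True if one Allow/Deny operand matches this request."""
    if spec == "all":
        return True
    if spec.startswith("env="):
        # env=VAR matches when the variable exists, whatever its value.
        return spec[4:] in env
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec)

def access_allowed(rules, client_ip, env):
    """Order Deny,Allow: Deny is checked first, Allow overrides, default allow."""
    if rules["order"] != "deny,allow":
        raise ValueError("this model only covers Order Deny,Allow")
    allowed = True
    if any(matches(s, client_ip, env) for s in rules["deny"]):
        allowed = False
    if any(matches(s, client_ip, env) for s in rules["allow"]):
        allowed = True
    return allowed

def decision_table(https_visible):
    """Decisions for three constructed sample requests.

    https_visible is an assumption switch: whether HTTPS is already in
    the environment at the moment the access check runs.
    """
    samples = [
        ("office http", "192.168.1.20", False),
        ("outside http", "203.0.113.9", False),
        ("outside https", "203.0.113.9", True),
    ]
    table = {}
    for name, ip, tls in samples:
        env = {"HTTPS": "on"} if (tls and https_visible) else {}
        table[name] = access_allowed(RULES, ip, env)
    return table

if __name__ == "__main__":
    for visible in (True, False):
        print("HTTPS visible at access check:", visible, decision_table(visible))
```

With the switch off, the outside https request is denied while the office request is still allowed, so the office subnet line alone cannot distinguish the two cases; an outside https request is the one to test with.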
