Dear all,
I’m trying to figure out how I can give access to documents by combining SSL
and basic user authentication. The following is from my httpd config:

<Directory "${WEBAPPS_ROOT}/test/user">
    AllowOverride None
    Options None
    AuthType Basic
    AuthName "Test User"
    AuthBasicProvider dbd
    AuthDBDUserPWQuery "select human.get_user_password(%s);"
    AuthzDBDQuery "select human.get_user_groups(%s);"
    Require ssl
    Require dbd-group user
</Directory>

The “Require ssl” denies access to the document for normal http:// connections
which is what I want. But it allows accessing the documents without doing any
authentication if I do use a https:// connection. My goal is to have an SSL
connection but still it’s required to authenticate.
If I remove the “Require ssl” then the authentication works as expected but
then a normal http:// connection is possible also. I want to avoid, for the
obvious reason, that with basic authentication the password is sent unencrypted
(just the standard base64 encoding according to the HTTP specification).
BTW, I thought that “Satisfy all” would solve this issue but it does not.
Or is the rewrite trick where http:// connections are redirected to https://
connections sufficient? I somehow have the idea it’s not but I can’t put my
finger on that. Any insights on this would also be appreciated.
Any hints would be appreciated.
Cheers,
Richard
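
Added example, not part of the original post: the posted section with its two Require lines wrapped in <RequireAll>. It assumes Apache httpd 2.4 with mod_ssl, mod_dbd, mod_authn_dbd and mod_authz_dbd loaded; in 2.4, Require lines that are not inside a container are evaluated as <RequireAny>, which matches the behaviour described above.

```apache
# As posted (shown commented out): the two sibling Require lines are
# implicitly wrapped in <RequireAny>. Over https:// the "ssl" test passes on
# its own, access is granted, and no Basic auth challenge is sent.
#
#     Require ssl
#     Require dbd-group user

# Hardened form: both conditions must hold. A plain http:// request fails
# "Require ssl" and is denied; an https:// request still has to
# authenticate and be a member of the "user" group.
<Directory "${WEBAPPS_ROOT}/test/user">
    AllowOverride None
    Options None

    AuthType Basic
    AuthName "Test User"
    AuthBasicProvider dbd
    AuthDBDUserPWQuery "select human.get_user_password(%s);"
    AuthzDBDQuery "select human.get_user_groups(%s);"

    <RequireAll>
        Require ssl
        Require dbd-group user
    </RequireAll>
</Directory>
```

To check the result, request the same path over http:// and https:// without credentials (for example with curl -i) and confirm that the first is refused and the second returns 401 with a WWW-Authenticate header.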