Re: [users@httpd] Combining SSL and basic user (group) authentication

Sun, 31 Mar 2019 09:49:31 -0700 

Why not redirect the incoming HTTP connections to HTTPS?  

<VirtualHost *:80>
   ServerName www.mysite.ca
   Redirect permanent / https://www.mysite.com
</VirtualHost>

Good luck!

John
==========================================
On Sun, 2019-03-31 at 16:05 +0200, Richard70nl wrote:
> Dear all,
> 
> I’m trying to figure out how I can give access to documents by combining SSL
> and basic user authentication. The following is from my httpd config:
> 
> <Directory "${WEBAPPS_ROOT}/test/user">
>     AllowOverride None
>     Options None
> 
>     AuthType Basic
>     AuthName "Test User"
>     AuthBasicProvider dbd
>     AuthDBDUserPWQuery "select human.get_user_password(%s);"
>     AuthzDBDQuery "select human.get_user_groups(%s);"
>     
>     Require ssl
>     Require dbd-group user
> </Directory>
> 
> The “Require ssl” denies access to the document for normal http:// connections
> which is what I want. But it allows accessing the documents without doing any
> authentication if I do use a https:// connection. My goal is to have an SSL
> connection but still it’s required to authenticate.
> 
> If I remove the “Require ssl” then the authentication works as expected but
> then a normal http:// connection is possible also. I want to avoid, for the
> obvious reason, that with basic authentication the password is send
> unencrypted (just the standard base64 encoding according to the HTTP
> specification).
> 
> BTW, I though that “Satisfy all” would solve this issue but it does not.
> 
> Or is the rewrite trick where http:// connections are redirected to https://
> connections sufficient? I somehow have the idea it’s not but I can’t put my
> finger on that. Any insights on this would also be appreciated.
> 
> Any hints would be appreciated.
> 
> Cheers,
> Richard
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to