Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Redirect to HTTPS before Basic Authentication Prompt? |
|
| Author |
|
bsimecek
Joined: 14 Aug 2006
Posts: 5
|
 Posted: Mon 14 Aug '06 3:59 Post subject: Redirect to HTTPS before Basic Authentication Prompt? |
 |
|
I have a server location that requires authentication to login. I know that BASIC authentication through Apache is bad unless it runs over a SSL connection (or some other method other than plain text).
Currently, if a user goes to a location through HTTPS, the user is prompted with a certificate and then after accepting, they are prompted for authentication (safe).
But not all users remember to use HTTPS. So I needed to do a redirect (used the follwing in .conf Directory statement)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Well, now when going to an HTTP location, the user gets prompted for authentication, and if accepted they are redirected to HTTPS and get the certificate prompt. Is there a way to cause the certificate prompt to come before the authentication when accessing the HTTP location? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Mon 14 Aug '06 9:18 Post subject: |
|
|
There is no way to send the certificate prompt before the client (browser) accesses https. Maybe it works if you create an iframe with https page.
I haven't tested it yet. |
|
| Back to top |
|
|
|
|
|
|
