Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: How to force url to use login page first if not authnticated |
|
| Author |
|
vivek2k18
Joined: 23 Jul 2018
Posts: 1
Location: India
|
 Posted: Mon 23 Jul '18 17:36 Post subject: How to force url to use login page first if not authnticated |
 |
|
Hello All,
I am struggling with one scenario. I hope you guys can suggest some good solutions here.
Case: I have one application like https://xyz.domain.com
It is actually login page for internal user and external user and it is handled by IIS web server, all authentications are managed by IIS only, after authentication this url forwarded to Apache web server, where application is hosted. URL is https://xyz.domain.com:449/t2y.
Issue is if someone copy this Apache url and open in new browser then anyone can access this url without any issue. I expect it should not run if user is not authenticated and url go to login page which i have explained earlier.
I have seen that after authentication IIS keep AUTH_SESSION_ID, So my question is -- Is it possible in Apache to check AUTH_SESSION_ID, if it exist then user can access Apache url and if there is no value or missing AUTH_SESSION_ID then it should forward to login url?
Any idea how to fix that scenario?
Thanks in Advance!!
Regards,
Vivek |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
| Posted: Fri 27 Jul '18 10:39 Post subject: |
|
|
| When on the same server you can add port 449 to the firewall. |
|
| Back to top |
|
|
|
|
|
|
