Re: [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?

---

• From: "David C. Rankin" <drankinatty@xxxxxxxxxxxxxxxxxx>
• Date: Wed, 19 Nov 2008 07:26:22 -0600

---

Andrew Joakimsen wrote:

On Mon, Nov 17, 2008 at 01:38, David C. Rankin
<drankinatty@xxxxxxxxxxxxxxxxxx> wrote:

Andrew Joakimsen wrote:

On Sun, Nov 16, 2008 at 00:12, David C. Rankin
<drankinatty@xxxxxxxxxxxxxxxxxx> wrote:

Spoke too soon. There is still a multiple password prompt when the https
rewrite is invoked. Is there a way I can change the order of the directory
definition in httpd.conf to avoid this?

The HTTP re-write is being password protected, that is:

1) User requests http://site.com/whatever/ -> Authentication request #1
2) Rewrite to https://site.com/whatever/
3) Authentication #2 on the "new site"... the browser treats
https://site.com & http://site.com as 2 different sites.

So simply setup the not https directory not to be password protected.
Of course do not serve the files there, just the redirect/rewrite.

Thanks, but in this situation, the there isn't a way to separate files for
access either by http or https, there is only one set of files that must be
available to both protocols.

The rewrite only occurs for access by IPs outside the local lan. I don't want
users on the local lan to have to use https to access the files, but I do want
everyone to have to authenticate. I don't want people outside the lan to access
the files without https to prevent passwords from flying across public space in
the clear.

I know that http:// and https:// are two different authentication contexts, but
why can't I just do a redirect before the authentication takes place?

If it is internal vs external why can't you use 2 IP addresses on the
system, then setup on the 2nd IP the HTTPS server and HTTP virtualhost
without authentication with only the redirect. I assume you are using
some sort of firewall device for your external access in which case
this should work well (just don't forget to change what IP address the
firewall forwards to.

Or you can make both the http and https be a redirect without a
password, based on the connection bein internal or external it will
forward to the correct place. It will require you change the URL the
files are at but with the redirect any old links will still work.

OK,

The light bulb is starting to show a dim-glow... What you're saying is that
instead of having both internal and external access www.3111skyline.com, split
it up so internal addresses go to 192.168.12.14 and external access goes to
66.76.66.63? I guess that's IP virtual hosting instead of name based virtual
hosting. (Is the light bolb growing in the right direction -- or were you
thinking something else??)

--
David C. Rankin, J.D.,P.E. |
Rankin Law Firm, PLLC | Countdown for openSuSE 11.1
510 Ochiltree Street | http://counter.opensuse.org/11.1/small
Nacogdoches, Texas 75961 |
Telephone: (936) 715-9333 | openSoftware und SystemEntwicklung
Facsimile: (936) 715-9339 | http://www.opensuse.org/
www.rankinlawfirm.com |
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

---

• References:
  • [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?
    • From: David C. Rankin
  • Re: [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?
    • From: David C. Rankin
  • Re: [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?
    • From: David C. Rankin
  • Re: [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?
    • From: Andrew Joakimsen
  • Re: [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?
    • From: David C. Rankin
  • Re: [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?
    • From: Andrew Joakimsen

• Prev by Date: Re: [opensuse] wait times excessive high {Suse 10.3 & 11}
• Next by Date: Re: [opensuse] Attempting (and failing) to use my UPS
• Previous by thread: Re: [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?
• Next by thread: [opensuse] desktop bg color with KDE4 and no plasma
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: redirect http to https for virtual directories ... Did you setup httpredirect.asp as the 403.4 custom error for the virtual ... at the URL and if it comes over "80" redirect to ... httpredirect.asp BUT ASKS FOR THE AUTHENTICATION even ... 403.4 custom error not handling http to https redirects ... (microsoft.public.inetserver.iis) Re: http://companyname/remote no longer redirects or works ... It seems that the SBSFLT ISAPI filter is missing. ... The filter is used to redirect all incoming ... RWW requests from HTTP to HTTPS if SSL is enabled. ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: redirect http to https for virtual directories ... at the URL and if it comes over "80" redirect to ... Enable anonymous access and unchecked the Require SSL ... If proper authentication is provided, ... custom error not handling http to https redirects ... (microsoft.public.inetserver.iis) RE: HTTPS automatic redirection ... but there's no redirection to https. ... Don't want to do a static redirect, ... client will be ... >automatically redirected to the HTTPS Web site. ... (microsoft.public.inetserver.iis.security) Re: [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice? ... So simply setup the not https directory not to be password protected. ... The rewrite only occurs for access by IPs outside the local lan. ... why can't I just do a redirect before the authentication takes place? ... without authentication with only the redirect. ... (SuSE)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)